Comp running too slow, locking up [Solved]



#1
jester1525

My computer seems to be lagging - even though I have plenty of RAM and CPU available in the Task Manager, it continues to lag. I just added a couple GB of RAM but I'm not seeing much improvement.

A couple times now both Microsoft Security Essentials and Malwarebytes (full version, always on) have been shut down without me doing it.

When I log out I always have a program running though nothing is listed in Task Manager (no idea if this is normal or not, but my son's account never does this..)

When I attempt to shut down or restart the computer I get a pop-up window telling me that a program is still shutting down - it's always a different program name of 3 or 4 characters (BB4 or 12F8; I didn't write down the others).

Ran both MSE and Malwarebytes and haven't had anything come up. I'm not even 100% sure I've got a problem, but something isn't right with the system so I figured I'd check with y'all.



OTL LOG:


OTL logfile created on: 8/18/2012 11:56:23 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 60.98% Memory free
3.86 Gb Paging File | 2.98 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): C:\pagefile.sys 1046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.93 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 6.31 Gb Free Space | 84.79% Space Free | Partition Type: FAT32

Computer Name: DEN | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/13 22:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/08 19:09:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/01 02:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe
PRC - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe
PRC - [2009/07/08 12:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/07/08 12:29:34 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/05/01 16:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/15 17:52:20 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3548.36915__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3548.36921__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:19 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3548.36913__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3548.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3548.36912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/08/15 17:52:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/08/15 17:52:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/08/15 17:52:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3531.24556__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3531.24546__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3531.24554__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/08/15 17:52:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.ALICrossfire.Graphics.Shared\2.0.3531.24551__90ba9c70f846762e\CLI.Aspect.ALICrossfire.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/08/15 17:52:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/08/15 17:52:10 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/08/15 17:52:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/08/15 17:52:10 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/08/15 17:52:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/08/15 17:52:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/08/15 17:52:09 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/08/15 17:52:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/08/15 17:52:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/08/15 17:52:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/08/15 17:52:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2012/08/15 17:52:07 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/08/13 22:30:59 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/13 22:30:58 | 012,235,288 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/13 22:30:57 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/13 22:29:28 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/13 22:29:27 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/13 22:29:26 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/06/13 03:33:16 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 03:28:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:27:47 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 03:24:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/11 03:21:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 03:17:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 03:16:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 03:14:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:14:21 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/08 07:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/26 02:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009/08/28 16:08:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/13 09:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2008/04/14 05:42:44 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/20 13:54:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/01 02:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe -- (i1 Pro Service)
SRV - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe -- (xritedeviced)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/05 09:17:40 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/11/30 01:30:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/12 19:29:22 | 001,270,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtwlanu.sys -- (RTL8192cu)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/28 07:50:50 | 000,015,872 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XPTWOPORT.sys -- (XPTWOPORT)
DRV - [2009/08/19 06:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/03/17 14:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/01 18:12:36 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/02/01 18:12:36 | 000,004,962 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2008/01/15 14:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/08/09 13:11:40 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/03/18 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1060933
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 23:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2009/03/05 11:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/15 23:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions
[2009/09/09 08:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011/11/28 23:30:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/03/15 17:57:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/22 07:53:04 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2012/05/16 22:19:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/26 19:16:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/10/22 07:53:05 | 000,000,000 | ---D | M] (AnyColor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2011/03/19 12:02:12 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2012/07/26 22:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\SeaMonkey\Profiles\t5o8xgjp.default\extensions
[2009/10/21 07:42:14 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\ask.xml
[2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
[2012/08/15 11:50:49 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\surf-canyon.xml
[2012/08/15 11:50:50 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\wot-safe-search.xml
[2009/10/21 07:42:14 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\yahoo.xml
[2011/11/13 19:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/15 23:20:42 | 000,166,004 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.XPI
[2011/10/10 13:20:18 | 000,254,273 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/08/09 23:22:55 | 000,045,226 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012/02/12 22:44:02 | 000,061,854 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/20 13:54:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 19:03:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Google Bookmarks = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnedccijmniojgaehpjebjfpkmafecho\0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2009/12/22 05:13:44 | 000,625,907 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16591 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} http://conference.rship.ca/joinie.cab (Web Conferencing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1227746001859 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CCD4236-278F-41E7-BB2A-BBFEF7B0187B}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407DEE13-CA4E-4EB2-ADD2-780776220F8D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45EF8D-71DB-4BDB-BA84-A895D63AFD3C}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 18:59:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell - "" = AutoRun
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/08/18 22:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/08/18 22:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/08/15 18:53:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/08/15 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\ATI Problem Report Wizard
[2012/08/15 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Catalyst Control Center
[2012/08/15 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/08/15 17:51:13 | 000,100,368 | ---- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2012/08/15 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/08/15 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/08/15 17:46:16 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/15 11:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/08/15 11:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Corporation
[2012/08/15 11:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/08/15 00:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/08/15 00:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/08/15 00:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/08/15 00:10:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/08/15 00:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/14 23:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Music
[2012/08/14 23:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\jpg, ai, png etc
[2012/08/08 20:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\QuickTime
[2012/08/08 20:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/08/08 19:09:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/03 18:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/08/03 18:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/07/30 22:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Music Manager
[2012/07/30 22:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Programs
[2012/07/26 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FileZilla
[2012/07/26 22:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\FileZilla FTP Client
[2012/07/26 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/07/26 22:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\svBuilder
[2012/07/26 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\svBuilder
[2012/07/26 22:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\SeaMonkey
[2012/07/26 22:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/18 23:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003UA.job
[2012/08/18 23:46:54 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/18 23:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/18 23:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/18 23:37:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/18 23:36:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/18 13:49:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003Core.job
[2012/08/18 12:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\RegistryConvoy.job
[2012/08/18 12:01:54 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job
[2012/08/18 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DEN-User.job
[2012/08/17 20:55:24 | 006,260,697 | ---- | M] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 19:16:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/15 17:50:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 17:43:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/15 03:17:16 | 003,889,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 00:10:19 | 000,188,054 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,001,141 | ---- | M] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/14 23:37:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 20:51:10 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/14 20:51:09 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/08 20:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/08 19:09:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/05 19:59:36 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 18:10:01 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/07/26 22:10:05 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 20:55:22 | 006,260,697 | ---- | C] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 22:58:57 | 000,002,289 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/15 23:45:41 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2012/08/15 23:45:41 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/08/15 19:21:11 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minecraft.exe
[2012/08/15 17:50:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 17:50:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/08/15 17:50:10 | 000,578,048 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/15 17:50:10 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/15 17:50:10 | 000,030,707 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2012/08/15 17:50:10 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/08/15 17:50:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/08/15 11:55:52 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/08/15 00:24:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 00:10:07 | 000,188,054 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 23:37:13 | 000,001,141 | ---- | C] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/03 18:09:57 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/08/03 18:09:26 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/07/31 01:09:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/26 22:40:29 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\svBuilder.lnk
[2012/07/26 22:10:05 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/06/03 21:50:35 | 000,495,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/15 21:03:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/14 00:31:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/11/11 13:04:52 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\User\g2mdlhlpx.exe
[2010/10/04 10:14:19 | 000,102,248 | ---- | C] () -- C:\Documents and Settings\User\GoToAssistDownloadHelper.exe
[2010/09/26 17:54:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/26 17:54:05 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/26 17:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/26 17:53:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/26 17:49:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/09/26 17:49:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/26 17:49:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/26 17:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/09/26 17:46:24 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/23 16:10:00 | 000,096,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/23 15:24:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/09/23 15:24:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/08/31 09:11:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL
[2010/08/31 09:11:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL
[2010/08/31 09:10:56 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll
[2010/08/31 08:58:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll
[2010/08/31 08:58:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2010/06/08 07:47:16 | 000,058,202 | ---- | C] () -- C:\Program Files\Flash Professional CS5 Read Me.pdf
[2010/03/15 08:50:47 | 013,791,744 | ---- | C] () -- C:\Documents and Settings\User\BlackBerry_USB_and_Modem_Drivers_ENG.msi
[2008/12/10 14:24:42 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\User\Shortcut to Desktop.lnk
[2008/12/02 16:13:29 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/01/17 23:11:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/08/15 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/09/07 15:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2008/12/24 18:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/27 09:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2010/09/23 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/08/31 09:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro800-Pro900 Series
[2010/06/08 08:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/11 00:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/26 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/08/18 23:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/27 22:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/01 19:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Rite
[2012/08/01 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.minecraft
[2011/05/11 08:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2009/03/03 21:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Astute Graphics
[2009/06/14 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Atari
[2010/05/12 19:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Blender Foundation
[2009/04/09 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bump Technologies, Inc
[2011/02/11 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\calibre
[2009/02/18 17:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2010/06/08 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/20 20:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/14 23:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2010/03/10 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
[2012/07/26 23:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2009/03/07 18:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Filter Forge Freepack 1 - Metals
[2009/03/07 18:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Filter Forge Freepack 2 - Photo Effects
[2010/02/04 21:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FontCreator
[2009/03/29 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GarageGames
[2010/12/17 17:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/03/10 16:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2011/05/30 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ImageDesktop.70A796F90E3A41D1B0A2F1D200C8BD1EF0788CF6.1
[2009/06/14 15:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/09/28 08:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEGO Company
[2008/12/24 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2010/08/10 21:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OverDrive
[2012/04/29 21:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2010/08/31 09:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pro800-Pro900 Series
[2011/04/07 23:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2012/03/09 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SecondLife
[2012/07/26 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\svBuilder
[2010/06/10 18:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SWiSH Max3
[2011/04/07 14:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2012/04/18 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2010/09/23 16:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/10/02 18:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2010/05/13 08:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wings3D
[2010/08/29 00:03:09 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2012/08/18 12:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryConvoy.job
[2012/08/18 12:01:54 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/18 23:39:54 | 000,007,425 | ---- | M] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2012/08/18 23:39:17 | 000,007,524 | ---- | M] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
[2012/08/08 20:17:23 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2012/08/08 20:17:22 | 000,000,792 | ---- | M] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2012/08/08 20:17:21 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2012/08/08 20:17:20 | 000,000,825 | ---- | M] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2012/08/08 20:16:44 | 000,001,947 | ---- | M] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2012/07/18 22:32:19 | 000,000,528 | ---- | M] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/26 07:44:32 | 000,000,033 | ---- | M] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/26 07:44:31 | 000,000,033 | ---- | C] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/16 09:35:39 | 000,000,792 | ---- | C] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2010/08/16 09:35:39 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2010/08/16 09:35:38 | 000,000,825 | ---- | C] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2010/08/16 09:35:38 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2010/08/16 09:35:38 | 000,000,528 | ---- | C] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/15 20:12:04 | 000,001,947 | ---- | C] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2010/08/11 00:54:35 | 000,007,425 | ---- | C] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2010/08/11 00:54:34 | 000,007,524 | ---- | C] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Weather Watches & Warnings_...pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\V8049297.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Untitled-1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\typeface periodical chart.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\shadow.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ram 5500.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\pretty girls copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\openrangerv.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\New Image.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\GURPS_Lite_Fourth_Edition.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\frozen road.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Flash.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fireworks over Medicine Hat copy.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fence estimate by hillraisers.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fax cover sheet.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\dreidel1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\city chrysler card.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\CharacterSheet.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Cal - CMYK.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Boo!Planning.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Beezley.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\background01 copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Autumn_Leaves_Herbarium.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ark.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\10946_1273745001745_1173532228_30841053_6853930_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#2
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Since it's been a few days I'd like you to run another scan using the instructions below.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered until it is done.
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.

#3
jester1525

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi blmadara - Thanks for the help!

OTL Log:


OTL logfile created on: 8/21/2012 8:35:12 PM - Run 3
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.62% Memory free
3.86 Gb Paging File | 2.86 Gb Available in Paging File | 74.12% Paging File free
Paging file location(s): C:\pagefile.sys 1046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.90 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 6.31 Gb Free Space | 84.79% Space Free | Partition Type: FAT32

Computer Name: DEN | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 20:33:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/08/17 16:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe
PRC - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe
PRC - [2009/07/08 12:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/07/08 12:29:34 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/05/01 16:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 16:28:55 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 16:28:54 | 012,236,824 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/17 16:28:52 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 16:27:23 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 16:27:22 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 16:27:21 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/08/15 17:52:20 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3548.36915__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3548.36921__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:19 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3548.36913__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3548.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3548.36912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/08/15 17:52:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/08/15 17:52:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/08/15 17:52:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3531.24556__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/08/15 17:52:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/08/15 17:52:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/08/15 17:52:10 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/08/15 17:52:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/08/15 17:52:10 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/08/15 17:52:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/08/15 17:52:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/08/15 17:52:09 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/08/15 17:52:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/08/15 17:52:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/08/15 17:52:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/08/15 17:52:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2012/08/15 17:52:07 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/06/13 03:33:16 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 03:28:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:27:47 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 03:24:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/11 03:21:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 03:17:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 03:16:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 03:14:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:14:21 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/08 07:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/26 02:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009/08/28 16:08:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/13 09:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2008/04/14 05:42:44 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/20 13:54:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe -- (i1 Pro Service)
SRV - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe -- (xritedeviced)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/05 09:17:40 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/11/30 01:30:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 02:09:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEE80C5A-9FA6-45F5-AB2D-BFFF8ACE7611}\MpKsl0187f478.sys -- (MpKsl0187f478)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/12 19:29:22 | 001,270,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtwlanu.sys -- (RTL8192cu)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/28 07:50:50 | 000,015,872 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XPTWOPORT.sys -- (XPTWOPORT)
DRV - [2009/08/19 06:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/03/17 14:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/01 18:12:36 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/02/01 18:12:36 | 000,004,962 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2008/01/15 14:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/08/09 13:11:40 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/03/18 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchamong.com
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca...g}&sourceid=ie7
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook...www.google.ca/"
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/15 23:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2009/03/05 11:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/15 23:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions
[2009/09/09 08:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011/11/28 23:30:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/03/15 17:57:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/22 07:53:04 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2012/05/16 22:19:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/26 19:16:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/10/22 07:53:05 | 000,000,000 | ---D | M] (AnyColor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2011/03/19 12:02:12 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2012/07/26 22:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\SeaMonkey\Profiles\t5o8xgjp.default\extensions
[2009/10/21 07:42:14 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\ask.xml
[2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
[2012/08/15 11:50:49 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\surf-canyon.xml
[2012/08/15 11:50:50 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\wot-safe-search.xml
[2009/10/21 07:42:14 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\yahoo.xml
[2011/11/13 19:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/15 23:20:42 | 000,166,004 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.XPI
[2011/10/10 13:20:18 | 000,254,273 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/08/09 23:22:55 | 000,045,226 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012/02/12 22:44:02 | 000,061,854 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/20 13:54:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 19:03:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Google Bookmarks = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnedccijmniojgaehpjebjfpkmafecho\0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Reader = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\

O1 HOSTS File: ([2009/12/22 05:13:44 | 000,625,907 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16591 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003..\Run: [AdobeBridge] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} http://conference.rship.ca/joinie.cab (Web Conferencing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1227746001859 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CCD4236-278F-41E7-BB2A-BBFEF7B0187B}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407DEE13-CA4E-4EB2-ADD2-780776220F8D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45EF8D-71DB-4BDB-BA84-A895D63AFD3C}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 18:59:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell - "" = AutoRun
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/08/19 22:52:51 | 000,442,560 | ---- | C] (Shlemoon Media Inc) -- C:\Documents and Settings\User\Application Data\fdmer.exe
[2012/08/19 22:52:48 | 000,525,312 | ---- | C] (BrowserSetter) -- C:\Documents and Settings\User\Application Data\bsetter-own.exe
[2012/08/19 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Download Manager
[2012/08/19 22:52:44 | 000,457,789 | ---- | C] (Freedom Download Manager ) -- C:\Documents and Settings\User\Application Data\fdm-setup.exe
[2012/08/19 22:52:41 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Documents and Settings\User\Application Data\satoolbar.exe
[2012/08/18 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/08/18 22:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/08/18 22:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/08/15 23:45:40 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2012/08/15 23:45:40 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuninst.exe
[2012/08/15 18:53:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/15 18:50:41 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/08/15 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\ATI Problem Report Wizard
[2012/08/15 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Catalyst Control Center
[2012/08/15 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/08/15 17:51:13 | 000,100,368 | ---- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2012/08/15 17:50:10 | 017,252,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2012/08/15 17:50:10 | 006,406,656 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/08/15 17:50:10 | 006,406,656 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2012/08/15 17:50:10 | 004,636,672 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2012/08/15 17:50:10 | 004,029,824 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/08/15 17:50:10 | 002,673,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/08/15 17:50:10 | 000,847,872 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/08/15 17:50:10 | 000,651,264 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2012/08/15 17:50:10 | 000,483,328 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2012/08/15 17:50:10 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2012/08/15 17:50:10 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2012/08/15 17:50:10 | 000,302,080 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/08/15 17:50:10 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODE.exe
[2012/08/15 17:50:10 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2012/08/15 17:50:10 | 000,196,608 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2012/08/15 17:50:10 | 000,188,416 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2012/08/15 17:50:10 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2012/08/15 17:50:10 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2012/08/15 17:50:10 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2012/08/15 17:50:10 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2012/08/15 17:50:10 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2012/08/15 17:50:10 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2012/08/15 17:50:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2012/08/15 17:50:10 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2012/08/15 17:50:10 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODCLI.exe
[2012/08/15 17:50:10 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2012/08/15 17:50:10 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2012/08/15 17:50:10 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2012/08/15 17:50:10 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2012/08/15 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/08/15 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/08/15 17:46:16 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/15 11:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/08/15 11:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Corporation
[2012/08/15 11:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/08/15 00:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/08/15 00:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/08/15 00:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/08/15 00:10:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/08/15 00:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/14 23:36:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012/08/14 23:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Music
[2012/08/14 23:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\jpg, ai, png etc
[2012/08/08 20:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\QuickTime
[2012/08/08 20:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/08/08 19:09:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/03 18:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/08/03 18:09:56 | 000,015,872 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\XPTWOPORT.sys
[2012/08/03 18:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/08/03 18:09:45 | 001,270,120 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\rtwlanu.sys
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/07/30 22:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Music Manager
[2012/07/30 22:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Programs
[2012/07/26 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FileZilla
[2012/07/26 22:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\FileZilla FTP Client
[2012/07/26 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/07/26 22:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\svBuilder
[2012/07/26 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\svBuilder
[2012/07/26 22:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\SeaMonkey
[2012/07/26 22:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2012/07/18 21:50:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\My Documents\Google Drive
[2012/07/18 21:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Google Drive
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/08/21 20:44:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 20:33:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/21 19:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003UA.job
[2012/08/21 16:50:55 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/21 16:50:55 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 15:07:27 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/21 13:49:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003Core.job
[2012/08/21 12:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\RegistryConvoy.job
[2012/08/21 11:43:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 11:43:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/21 02:08:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/21 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DEN-User.job
[2012/08/20 21:23:51 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job
[2012/08/20 00:34:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/19 22:52:53 | 000,442,560 | ---- | M] (Shlemoon Media Inc) -- C:\Documents and Settings\User\Application Data\fdmer.exe
[2012/08/19 22:52:50 | 000,525,312 | ---- | M] (BrowserSetter) -- C:\Documents and Settings\User\Application Data\bsetter-own.exe
[2012/08/19 22:52:47 | 000,457,789 | ---- | M] (Freedom Download Manager ) -- C:\Documents and Settings\User\Application Data\fdm-setup.exe
[2012/08/19 22:52:43 | 000,419,554 | ---- | M] (SearchAmong ) -- C:\Documents and Settings\User\Application Data\satoolbar.exe
[2012/08/19 16:48:30 | 000,067,568 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TV.JPG
[2012/08/17 20:55:24 | 006,260,697 | ---- | M] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 19:16:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/15 17:50:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 03:17:16 | 003,889,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 00:10:19 | 000,188,054 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,001,141 | ---- | M] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/14 23:37:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 23:36:05 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012/08/08 20:50:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/05 19:59:36 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 18:10:01 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/07/26 22:10:05 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/07/06 07:58:52 | 000,337,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/07/06 07:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
[2012/07/04 08:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 09:07:42 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2012/07/03 07:40:15 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/07/03 07:40:15 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/07/03 06:18:23 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2012/07/02 23:19:34 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/07/02 11:49:33 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/07/02 11:49:33 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/07/02 11:49:33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/07/02 11:49:33 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/07/02 11:49:33 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/07/02 11:49:33 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/07/02 11:49:33 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/07/02 11:49:33 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/07/02 11:49:32 | 006,008,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/07/02 11:49:32 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/07/02 11:49:32 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/07/02 11:49:32 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/07/02 11:49:32 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/07/02 11:49:32 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/07/02 11:49:32 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/07/02 11:49:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/07/02 11:49:32 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/07/02 11:49:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/07/02 11:49:32 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/07/02 11:49:32 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/07/02 11:49:32 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/07/02 11:49:32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/07/02 11:49:32 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/07/02 11:49:31 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/07/02 11:49:31 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/07/02 11:49:31 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/07/02 06:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/07/02 06:05:43 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 16:48:37 | 000,067,568 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TV.JPG
[2012/08/17 20:55:22 | 006,260,697 | ---- | C] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 22:58:57 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/15 23:45:41 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2012/08/15 23:45:41 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/08/15 19:21:11 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minecraft.exe
[2012/08/15 17:50:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 17:50:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/08/15 17:50:10 | 000,578,048 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/15 17:50:10 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/15 17:50:10 | 000,030,707 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2012/08/15 17:50:10 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/08/15 17:50:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/08/15 11:55:52 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/08/15 00:24:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 00:10:07 | 000,188,054 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 23:37:13 | 000,001,141 | ---- | C] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/03 18:09:57 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/08/03 18:09:26 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/07/31 01:09:40 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/26 22:40:29 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\svBuilder.lnk
[2012/07/26 22:10:05 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/06/03 21:50:35 | 000,495,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/15 21:03:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/14 00:31:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/11/11 13:04:52 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\User\g2mdlhlpx.exe
[2010/10/04 10:14:19 | 000,102,248 | ---- | C] () -- C:\Documents and Settings\User\GoToAssistDownloadHelper.exe
[2010/09/26 17:54:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/26 17:54:05 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/26 17:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/26 17:53:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/26 17:49:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/09/26 17:49:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/26 17:49:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/26 17:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/09/26 17:46:24 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/23 16:10:00 | 000,096,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/23 15:24:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/09/23 15:24:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/08/31 09:11:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL
[2010/08/31 09:11:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL
[2010/08/31 09:10:56 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll
[2010/08/31 08:58:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll
[2010/08/31 08:58:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2010/06/08 07:47:16 | 000,058,202 | ---- | C] () -- C:\Program Files\Flash Professional CS5 Read Me.pdf
[2010/03/15 08:50:47 | 013,791,744 | ---- | C] () -- C:\Documents and Settings\User\BlackBerry_USB_and_Modem_Drivers_ENG.msi
[2008/12/10 14:24:42 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\User\Shortcut to Desktop.lnk
[2008/12/02 16:13:29 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/17 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\.minecraft
[2012/08/16 08:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\LEGO Company
[2009/01/17 23:11:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/08/15 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/09/07 15:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2008/12/24 18:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/27 09:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2010/09/23 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/08/31 09:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro800-Pro900 Series
[2010/06/08 08:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/11 00:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/26 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/08/18 23:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/27 22:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/01 19:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Rite
[2012/08/01 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.minecraft
[2011/05/11 08:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2009/03/03 21:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Astute Graphics
[2009/06/14 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Atari
[2010/05/12 19:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Blender Foundation
[2009/04/09 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bump Technologies, Inc
[2011/02/11 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\calibre
[2009/02/18 17:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2010/06/08 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/20 20:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/14 23:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2010/03/10 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
[2012/07/26 23:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2009/03/07 18:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Filter Forge Freepack 1 - Metals
[2009/03/07 18:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Filter Forge Freepack 2 - Photo Effects
[2010/02/04 21:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FontCreator
[2009/03/29 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GarageGames
[2010/12/17 17:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/03/10 16:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2011/05/30 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ImageDesktop.70A796F90E3A41D1B0A2F1D200C8BD1EF0788CF6.1
[2009/06/14 15:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/09/28 08:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEGO Company
[2008/12/24 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2010/08/10 21:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OverDrive
[2012/04/29 21:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2010/08/31 09:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pro800-Pro900 Series
[2011/04/07 23:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2012/03/09 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SecondLife
[2012/07/26 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\svBuilder
[2010/06/10 18:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SWiSH Max3
[2011/04/07 14:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2012/04/18 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2010/09/23 16:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/10/02 18:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2010/05/13 08:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wings3D
[2010/08/29 00:03:09 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2012/08/21 12:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryConvoy.job
[2012/08/20 21:23:51 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: DEN
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM         0 B
Volume 1     C                NTFS   Partition    466 GB  Healthy    System
Volume 2     E                       Removeable      0 B
Volume 3     F                       Removeable      0 B
Volume 4     G                       Removeable      0 B
Volume 5     H                       Removeable      0 B
Volume 6     K                       Removeable      0 B
Volume 7     I   ALASKA       FAT32  Removeable  7633 MB

========== Files - Unicode (All) ==========
[2012/08/21 11:44:28 | 000,007,557 | ---- | M] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2012/08/21 11:43:25 | 000,007,656 | ---- | M] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
[2012/08/08 20:17:23 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2012/08/08 20:17:22 | 000,000,792 | ---- | M] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2012/08/08 20:17:21 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2012/08/08 20:17:20 | 000,000,825 | ---- | M] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2012/08/08 20:16:44 | 000,001,947 | ---- | M] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2012/07/18 22:32:19 | 000,000,528 | ---- | M] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/26 07:44:32 | 000,000,033 | ---- | M] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/26 07:44:31 | 000,000,033 | ---- | C] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/16 09:35:39 | 000,000,792 | ---- | C] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2010/08/16 09:35:39 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2010/08/16 09:35:38 | 000,000,825 | ---- | C] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2010/08/16 09:35:38 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2010/08/16 09:35:38 | 000,000,528 | ---- | C] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/15 20:12:04 | 000,001,947 | ---- | C] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2010/08/11 00:54:35 | 000,007,557 | ---- | C] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2010/08/11 00:54:34 | 000,007,656 | ---- | C] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Weather Watches & Warnings_...pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\V8049297.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Untitled-1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\typeface periodical chart.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\shadow.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ram 5500.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\pretty girls copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\openrangerv.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\New Image.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\GURPS_Lite_Fourth_Edition.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\frozen road.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Flash.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fireworks over Medicine Hat copy.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fence estimate by hillraisers.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fax cover sheet.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\dreidel1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\city chrysler card.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\CharacterSheet.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Cal - CMYK.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Boo!Planning.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Beezley.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\background01 copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Autumn_Leaves_Herbarium.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ark.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\10946_1273745001745_1173532228_30841053_6853930_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras


OTL Extras logfile created on: 8/21/2012 8:35:12 PM - Run 3
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.62% Memory free
3.86 Gb Paging File | 2.86 Gb Available in Paging File | 74.12% Paging File free
Paging file location(s): C:\pagefile.sys 1046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.90 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 6.31 Gb Free Space | 84.79% Space Free | Partition Type: FAT32

Computer Name: DEN | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"7629:TCP" = 7629:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"5454:TCP" = 5454:TCP:*:Enabled:X-Rite Device Manager

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"7629:TCP" = 7629:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"5454:TCP" = 5454:TCP:*:Enabled:X-Rite Device Manager
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\User\My Documents\SecondLife\SLVoice.exe" = C:\Documents and Settings\User\My Documents\SecondLife\SLVoice.exe:*:Disabled:SLVoice -- ()
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Documents and Settings\User\My Documents\SecondLife\SecondLife.exe" = C:\Documents and Settings\User\My Documents\SecondLife\SecondLife.exe:*:Enabled:Second Life -- (Linden Lab)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Emerald Viewer\Emerald.exe" = C:\Program Files\Emerald Viewer\Emerald.exe:*:Enabled:Second Life Open Source [Emerald Viewer]
"C:\Program Files\Emerald Viewer\SLVoice.exe" = C:\Program Files\Emerald Viewer\SLVoice.exe:*:Enabled:SLVoice
"C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" = C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe:*:Enabled:SwitchBoard Server (32 bit) -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\lxeccoms.exe" = C:\WINDOWS\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server
"C:\Program Files\Phoenix Viewer\SLVoice.exe" = C:\Program Files\Phoenix Viewer\SLVoice.exe:*:Disabled:SLVoice -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\SecondLifeViewer2\SLVoice.exe" = C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice -- (Vivox Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RTLDHCP.exe:*:Enabled:RTLDHCP -- (Realtek)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00A61262-B3E6-D3B9-1D4C-9DB48DF02FDA}" = CCC Help Russian
"{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}" = Brother MFL-Pro Suite MFC-6490CW
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07959F1D-29CD-E798-6174-C977F8051BA1}" = CCC Help French
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1E5986-A8AF-AB93-F005-9C0104A1E18E}" = CCC Help Dutch
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{12E8AED7-4B46-7185-DDB1-CE975952B071}" = CCC Help Korean
"{1717973A-42AA-A0CF-D328-CA1241C08142}" = PhotoDecryptor
"{174D1BCC-307E-AD52-00D9-CA01C8049A57}" = Catalyst Control Center Graphics Full Existing
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CF32316-9308-25E1-9E5C-A3DC04763A49}" = ATI Catalyst Install Manager
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{2186D30D-CDEA-5281-E0D9-78B135614843}" = Catalyst Control Center HydraVision Full
"{222421DC-CAEB-42EC-AF15-09A39AA5C94D}" = Adobe Creative Suite 3 Design Standard
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.6.0.1600
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F08C75A-2E67-0848-36B7-1756F2EF4924}" = CCC Help Danish
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B5DB1-5E24-0371-BA5C-A0F949593364}" = CCC Help Chinese Traditional
"{37054EAA-547C-4F05-909A-3782F7620CCF}_is1" = X-Rite Device i1 Pro Service
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0
"{426895FA-1508-1D1E-D7E7-858945319ED1}" = CCC Help Norwegian
"{457E3B9F-5111-DF10-6CFE-2D54AE238045}" = CCC Help Hungarian
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57C2EC22-1FCE-EEF6-64CF-F8942B44A4F8}" = Catalyst Control Center Graphics Full New
"{58C19BBD-4D08-6835-A608-27A2B568A7F6}" = TweetDeck
"{5E125AC7-0ABC-4089-9529-6A51A36C84F0}" = The Princess Bride Game
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61BE49E9-E1C8-8ED1-C623-09DAAD91AB16}" = ccc-core-static
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74BF0A46-DF67-4D86-B038-BF0E51871B66}" = Ai Booster
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{813E81B8-7974-06D3-CCC0-25888B3213DE}" = CCC Help Turkish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8970BC29-107D-E032-8197-B78EAAFFB1F2}" = CCC Help Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F47B3CB-CA0F-202C-8576-23F6346B906B}" = CCC Help German
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9064317A-39C7-40D5-8CF5-04A254747B88}" = BlackBerry Device Software Updater
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{957D345E-ADDB-9844-1BBF-C81BCDDAB895}" = Catalyst Control Center InstallProxy
"{95B4C23C-EAD2-C20D-5E6F-0DDB646EB069}" = CCC Help Greek
"{99ECCA1D-2FBA-5176-A24A-CEFB1E040229}" = CCC Help Swedish
"{9ACEA9CD-63B9-4784-807B-EA295E96A7C3}_is1" = X-Rite Device Manager
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D7C67EF-F57B-BCFD-A236-F26F5DE6DB2D}" = CCC Help Finnish
"{A18F0A9D-D67B-35D8-C041-067E5F2DF2F9}" = svBuilder
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85AD707-781F-2B73-E134-38084AACB5D5}" = ATI AVIVO Codecs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AADB4114-27B1-E245-4BCB-CED16C2918DB}" = Catalyst Control Center Graphics Light
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1209A6C-9EE3-4AAB-BCC1-AF83462ED558}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B71B5EF0-CD07-055A-157A-542985BE3C77}" = Catalyst Control Center Graphics Previews Common
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BFFD3331-0B0B-4703-947B-264C4315DEFB}_is1" = Download Manager v1.7.0.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C10DCF2D-0D4D-08AF-03A5-4618A5FEFA0D}" = Catalyst Control Center Localization All
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C83F137B-AABF-C07A-2944-A396E4970384}" = CCC Help Chinese Standard
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CA5696E9-4F2E-2BF8-1167-DD826E79D48A}" = Skins
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D035AD69-6A71-7D26-33AC-31E9C2DDDC0D}" = CCC Help English
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D17D4ECA-71F1-5419-8BE2-3164860A2D99}" = CCC Help Thai
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D27018A4-4227-FAF5-8EFD-E214B21FA143}" = Image Desktop
"{D4DBF0C9-E294-4C01-A205-73B8ED947D50}" = Adobe Setup
"{D6DB4E24-E8CB-69AE-2B80-7932A08EE075}" = ccc-core-preinstall
"{D86F3EA6-93A3-D020-0D77-204AB1696067}" = ATI Problem Report Wizard
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD522D42-0834-403B-1AD5-B2A4497A11A1}" = CCC Help Japanese
"{DD76929B-48C8-4442-33BF-CEADF12A73AE}" = CCC Help Italian
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE1A571A-362A-5ACD-D51B-98906DB66419}" = CCC Help Polish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E703159B-9E9D-5D61-9037-4FDA939DA089}" = ccc-utility
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4D370E8-3040-AEDA-F199-88F9184EF166}" = CCC Help Portuguese
"{F85E4782-5B90-4845-9D7D-D11DE2F5EA5E}" = HydraVision
"{F8E4005B-C364-6613-DA09-9E9F192CAC23}" = Catalyst Control Center Core Implementation
"{F9803BB3-7641-21E6-5A18-7299770BB530}" = CCC Help Czech
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_0e772471f6aed60c960ed52600a76bd" = Add or Remove Adobe Creative Suite 3 Design Standard
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"BlackBerry Theme Studio 5.0" = BlackBerry Theme Studio 5.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0
"Blender" = Blender (remove only)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.image.PhotoDecryptor.05649D22AD17CD0568B375F4F8A4050AC163CA8B.1" = PhotoDecryptor
"Divorce Forms09-1" = Divorce Forms
"DivX Setup.divx.com" = DivX Setup
"Dungeon Keeper II" = Dungeon Keeper 2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ERUNT_is1" = ERUNT 1.1j
"FDT" = FDT
"FileZilla Client" = FileZilla Client 3.5.3
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 1.012
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 1.012
"FontCreator6_is1" = High-Logic FontCreator 6.0
"FormatFactory" = FormatFactory 2.60
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageDesktop.70A796F90E3A41D1B0A2F1D200C8BD1EF0788CF6.1" = Image Desktop
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pen Tablet Driver" = Pen Tablet
"PloppSL" = PloppSL
"SeaMonkey (2.11)" = SeaMonkey (2.11)
"SecondLife" = SecondLife (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Security Task Manager" = Security Task Manager 1.8d
"svBuilder" = svBuilder
"SWiSH Jukebox2" = SWiSH Jukebox2
"SWiSH Lite" = SWiSH Lite
"SWiSH Max3" = SWiSH Max3
"SWiSH Video3" = SWiSH Video3
"Switch" = Switch Sound File Converter
"TeamViewer 6" = TeamViewer 6
"TM Randomize Slideshow_is1" = TM Randomize Slideshow
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Wings 3D 1.2" = Wings 3D 1.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
"New LEGO Digital Designer" = LEGO Digital Designer
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2012 7:59:58 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 7:59:58 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:11:05 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:11:05 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:11:24 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:11:24 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:18:21 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:18:21 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:32:14 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 8/15/2012 8:32:14 PM | Computer Name = DEN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 1/14/2009 6:06:15 AM | Computer Name = U-934B90FD0BC14 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

Error - 10/24/2009 1:09:33 PM | Computer Name = U-934B90FD0BC14 | Source = Microsoft Office 12 Sessions | ID = 7001
Description =

[ System Events ]
Error - 8/14/2012 10:39:47 PM | Computer Name = DEN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/14/2012 10:39:47 PM | Computer Name = DEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service RoxWatch9 with
arguments "" in order to run the server: {537D2B45-D156-4D32-B7A7-08084BBCCC06}

Error - 8/15/2012 2:20:06 AM | Computer Name = DEN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the RoxMediaDB9 service to
connect.

Error - 8/15/2012 2:20:06 AM | Computer Name = DEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service RoxMediaDB9
with arguments "" in order to run the server: {5EFBB572-1CBD-47DA-8BBA-5BAB9CADD108}

Error - 8/15/2012 7:30:44 PM | Computer Name = DEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service RoxMediaDB9
with arguments "" in order to run the server: {5EFBB572-1CBD-47DA-8BBA-5BAB9CADD108}

Error - 8/15/2012 7:30:52 PM | Computer Name = DEN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the RoxMediaDB9 service to
connect.

Error - 8/16/2012 1:36:07 AM | Computer Name = DEN | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.


< End of report >

aswMBR Log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 21:32:40
-----------------------------
21:32:40.203 OS Version: Windows 5.1.2600 Service Pack 3
21:32:40.203 Number of processors: 4 586 0xF0B
21:32:40.203 ComputerName: DEN UserName:
21:32:42.468 Initialize success
21:33:25.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0
21:33:25.953 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 1
21:33:25.968 Disk 0 MBR read successfully
21:33:25.968 Disk 0 MBR scan
21:33:25.968 Disk 0 Windows XP default MBR code
21:33:25.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
21:33:25.968 Disk 0 scanning sectors +976768065
21:33:26.000 Disk 0 malicious Win32:MBRoot code @ sector 976768068 !
21:33:26.000 Disk 0 PE file @ sector 976768090 !
21:33:26.046 Disk 0 scanning C:\WINDOWS\system32\drivers
21:33:30.546 Service scanning
21:33:35.125 Service MpKsl0187f478 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CEE80C5A-9FA6-45F5-AB2D-BFFF8ACE7611}\MpKsl0187f478.sys **LOCKED** 32
21:33:36.578 Service PciCon D:\PciCon.sys **LOCKED** 21
21:33:41.484 Modules scanning
21:33:46.156 Disk 0 trace - called modules:
21:33:46.171
21:33:46.171 Scan finished successfully
21:34:40.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:34:40.406 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
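The aswMBR log in the post above flags two sectors near the end of Disk 0. The following is an added example (not part of the original post and not aswMBR's own logic) that parses such a log and reports where each flagged sector lies relative to the logged partition. It assumes 512-byte sectors, that the logged partition size is truncated to whole MB, and that the "scanning sectors +N" line gives the first sector after the last partition.

```python
import re

SECTORS_PER_MB = 2048  # assumption: 512-byte sectors, 1 MB = 2**20 bytes

# Constructed sample: a subset of the lines in the aswMBR log posted above.
SAMPLE_LOG = """
21:33:25.953 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 1
21:33:25.968 Disk 0 Windows XP default MBR code
21:33:25.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
21:33:25.968 Disk 0 scanning sectors +976768065
21:33:26.000 Disk 0 malicious Win32:MBRoot code @ sector 976768068 !
21:33:26.000 Disk 0 PE file @ sector 976768090 !
21:33:46.171 Scan finished successfully
"""

TS = r"^\d\d:\d\d:\d\d\.\d{3}\s+"
RE_PART = re.compile(TS + r"Disk (\d+) Partition (\d+) .*?(\d+) MB offset (\d+)\s*$")
RE_SCAN = re.compile(TS + r"Disk (\d+) scanning sectors \+(\d+)\s*$")
RE_FIND = re.compile(TS + r"Disk (\d+) (.+?) @ sector (\d+) !\s*$")


def parse(log_text):
    """Collect partitions, tail-scan start and flagged sectors per disk."""
    disks = {}

    def disk(n):
        return disks.setdefault(
            int(n), {"partitions": [], "tail_start": None, "findings": []})

    for line in log_text.splitlines():
        m = RE_PART.match(line)
        if m:
            n, idx, size_mb, offset = m.groups()
            start = int(offset)
            # The log gives the size in whole MB, so the true end lies
            # somewhere in [sure_end, sure_end + SECTORS_PER_MB).
            sure_end = start + int(size_mb) * SECTORS_PER_MB
            disk(n)["partitions"].append(
                (int(idx), start, sure_end, sure_end + SECTORS_PER_MB))
            continue
        m = RE_SCAN.match(line)
        if m:
            disk(m.group(1))["tail_start"] = int(m.group(2))
            continue
        m = RE_FIND.match(line)
        if m:
            disk(m.group(1))["findings"].append((m.group(2), int(m.group(3))))
    return disks


def locate(d, sector):
    """Classify a sector against the partitions logged for one disk."""
    parts = d["partitions"]
    if parts and sector < min(p[1] for p in parts):
        return "before first partition"
    # Assumption: the tail scan starts right after the last partition.
    if d["tail_start"] is not None and sector >= d["tail_start"]:
        return "unpartitioned tail"
    for idx, start, sure_end, _max_end in parts:
        if start <= sector < sure_end:
            return f"partition {idx}"
    if parts and sector >= max(p[3] for p in parts):
        return "unpartitioned tail"
    # Falls in the rounding window of a partition end, or in a gap.
    return "undetermined"


def triage(log_text):
    """Return one record per flagged sector, with its location on disk."""
    out = []
    for n, d in sorted(parse(log_text).items()):
        for label, sector in d["findings"]:
            out.append({"disk": n, "label": label, "sector": sector,
                        "location": locate(d, sector)})
    return out


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```

Sectors outside every partition belong to no volume, so a scan that only walks the files on C: does not read them.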

#4
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525,

Hi blmadara - Thanks for the help!


You're welcome!!

Step One: Back-up Registry with ERUNT

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing so follow the steps that are listed below exactly. If you cannot perform some of these steps or if you have any questions please ask before proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe


Step Two: OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes' and run this fix again.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchamong.com
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
    [2011/11/28 23:30:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
    O3 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003..\Run: [AdobeBridge] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    [2012/08/19 22:52:41 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Documents and Settings\User\Application Data\satoolbar.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2012/08/21 11:44:28 | 000,007,557 | ---- | M] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
    [2012/08/21 11:43:25 | 000,007,656 | ---- | M] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
    [2012/08/08 20:17:23 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
    [2012/08/08 20:17:22 | 000,000,792 | ---- | M] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
    [2012/08/08 20:17:21 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
    [2012/08/08 20:17:20 | 000,000,825 | ---- | M] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
    [2012/08/08 20:16:44 | 000,001,947 | ---- | M] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
    [2012/07/18 22:32:19 | 000,000,528 | ---- | M] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
    [2010/08/26 07:44:32 | 000,000,033 | ---- | M] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
    [2010/08/26 07:44:31 | 000,000,033 | ---- | C] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
    [2010/08/16 09:35:39 | 000,000,792 | ---- | C] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
    [2010/08/16 09:35:39 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
    [2010/08/16 09:35:38 | 000,000,825 | ---- | C] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
    [2010/08/16 09:35:38 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
    [2010/08/16 09:35:38 | 000,000,528 | ---- | C] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
    [2010/08/15 20:12:04 | 000,001,947 | ---- | C] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
    [2010/08/11 00:54:35 | 000,007,557 | ---- | C] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
    [2010/08/11 00:54:34 | 000,007,656 | ---- | C] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Three: Run TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step Four: How is your computer running?

Please let me know how your computer is running and what problems remain.

What I need in your next post:
1. The OTL log.
2. The TDSSKiller log, C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.
3. Let me know how your computer is running and what problems remain.

#5
jester1525

    Member

  • Topic Starter
  • 21 posts
OTL did something funny.. it just shut everything down - all I had was a blank desktop and the mouse cursor for a couple hours. Nothing was running on the computer but the fans. I did a restart and did run the OTL Quick Scan, which is below. I did not run the other program because I wanted to see if you could tell me if I needed to try the OTL with the code you gave me a second time or if it ran correctly.

Please advise.

Thanks!


OTL Quick Scan Log:


OTL logfile created on: 8/26/2012 9:26:04 PM - Run 4
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.29% Memory free
3.86 Gb Paging File | 3.24 Gb Available in Paging File | 83.88% Paging File free
Paging file location(s): C:\pagefile.sys 1046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 203.63 Gb Free Space | 43.72% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 6.31 Gb Free Space | 84.79% Space Free | Partition Type: FAT32

Computer Name: DEN | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 20:33:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/08/15 18:13:54 | 007,316,480 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 23:50:59 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2012/01/03 09:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/01/03 09:23:05 | 000,148,928 | ---- | M] (Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe
PRC - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe
PRC - [2009/07/08 12:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/07/08 12:29:34 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/05/01 16:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/15 18:02:40 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/08/15 18:02:30 | 000,231,936 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/08/15 18:01:44 | 000,231,936 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/08/15 18:01:38 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/08/15 17:52:20 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3548.36915__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3548.36921__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:19 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3548.36913__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3548.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3548.36912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/08/15 17:52:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/08/15 17:52:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/08/15 17:52:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3531.24556__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/08/15 17:52:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/08/15 17:52:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/08/15 17:52:10 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/08/15 17:52:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/08/15 17:52:10 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/08/15 17:52:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/08/15 17:52:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/08/15 17:52:09 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/08/15 17:52:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/08/15 17:52:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/08/15 17:52:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/08/15 17:52:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2012/08/15 17:52:07 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/08/15 17:37:40 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/08/15 17:37:24 | 010,683,392 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/08/15 17:37:22 | 007,741,952 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/08/15 17:37:22 | 001,681,408 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/08/15 17:37:20 | 002,248,192 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/06/13 03:33:16 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 03:28:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:27:47 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 03:24:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/11 03:21:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 03:17:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 03:16:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 03:14:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:14:21 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/08 07:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/26 02:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009/08/28 16:08:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/13 09:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2008/04/14 05:42:44 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/22 17:52:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 13:54:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe -- (i1 Pro Service)
SRV - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe -- (xritedeviced)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/05 09:17:40 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/11/30 01:30:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/12 19:29:22 | 001,270,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtwlanu.sys -- (RTL8192cu)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/28 07:50:50 | 000,015,872 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XPTWOPORT.sys -- (XPTWOPORT)
DRV - [2009/08/19 06:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/03/17 14:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/01 18:12:36 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/02/01 18:12:36 | 000,004,962 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2008/01/15 14:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/08/09 13:11:40 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/03/18 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchamong.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook...www.google.ca/"
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/23 15:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2009/03/05 11:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/15 23:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions
[2009/09/09 08:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011/11/28 23:30:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/03/15 17:57:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/22 07:53:04 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2012/05/16 22:19:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/26 19:16:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/10/22 07:53:05 | 000,000,000 | ---D | M] (AnyColor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2011/03/19 12:02:12 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2012/07/26 22:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\SeaMonkey\Profiles\t5o8xgjp.default\extensions
[2009/10/21 07:42:14 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\ask.xml
[2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
[2012/08/23 15:27:35 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\surf-canyon.xml
[2012/08/23 15:27:36 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\wot-safe-search.xml
[2009/10/21 07:42:14 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\yahoo.xml
[2011/11/13 19:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/15 23:20:42 | 000,166,004 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.XPI
[2011/10/10 13:20:18 | 000,254,273 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/08/09 23:22:55 | 000,045,226 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012/02/12 22:44:02 | 000,061,854 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/20 13:54:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 19:03:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Google Bookmarks = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnedccijmniojgaehpjebjfpkmafecho\0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Reader = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\

O1 HOSTS File: ([2009/12/22 05:13:44 | 000,625,907 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16591 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [MusicManager] C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} http://conference.rship.ca/joinie.cab (Web Conferencing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1227746001859 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CCD4236-278F-41E7-BB2A-BBFEF7B0187B}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407DEE13-CA4E-4EB2-ADD2-780776220F8D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45EF8D-71DB-4BDB-BA84-A895D63AFD3C}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 18:59:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell - "" = AutoRun
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6df7c60-673e-11e0-9370-002215063492}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL drivers\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 20:30:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/26 20:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/23 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/08/21 21:32:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2012/08/19 22:52:51 | 000,442,560 | ---- | C] (Shlemoon Media Inc) -- C:\Documents and Settings\User\Application Data\fdmer.exe
[2012/08/19 22:52:48 | 000,525,312 | ---- | C] (BrowserSetter) -- C:\Documents and Settings\User\Application Data\bsetter-own.exe
[2012/08/19 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Download Manager
[2012/08/19 22:52:44 | 000,457,789 | ---- | C] (Freedom Download Manager ) -- C:\Documents and Settings\User\Application Data\fdm-setup.exe
[2012/08/19 22:52:41 | 000,419,554 | ---- | C] (SearchAmong ) -- C:\Documents and Settings\User\Application Data\satoolbar.exe
[2012/08/18 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/08/18 22:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/08/18 22:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/08/15 18:53:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/08/15 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\ATI Problem Report Wizard
[2012/08/15 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Catalyst Control Center
[2012/08/15 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/08/15 17:51:13 | 000,100,368 | ---- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2012/08/15 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/08/15 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/08/15 17:46:16 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/15 11:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/08/15 11:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Corporation
[2012/08/15 11:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/08/15 00:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/08/15 00:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/08/15 00:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/08/15 00:10:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/08/15 00:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/14 23:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Music
[2012/08/14 23:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\jpg, ai, png etc
[2012/08/08 20:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\QuickTime
[2012/08/08 20:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/08/08 19:09:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/03 18:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/08/03 18:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/07/30 22:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Music Manager
[2012/07/30 22:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Programs
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/26 21:33:30 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/26 21:23:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/26 21:23:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/26 21:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/26 20:28:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/26 20:28:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2012/08/26 20:28:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2012/08/26 19:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/26 19:49:41 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003UA.job
[2012/08/26 19:45:54 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job
[2012/08/26 19:44:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/23 13:49:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003Core.job
[2012/08/23 12:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\RegistryConvoy.job
[2012/08/23 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DEN-User.job
[2012/08/22 21:51:18 | 001,696,865 | ---- | M] () -- C:\Documents and Settings\User\Desktop\learning_linkedin_from_the_experts_2012_april.pdf
[2012/08/22 21:51:14 | 001,620,121 | ---- | M] () -- C:\Documents and Settings\User\Desktop\how_to_attract_customers_with_twitter.pdf
[2012/08/22 21:51:06 | 001,457,574 | ---- | M] () -- C:\Documents and Settings\User\Desktop\guide_to_facebook_business_page_timelines.pdf
[2012/08/22 21:13:45 | 000,825,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\IMAG0158.jpg
[2012/08/22 20:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/21 21:34:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/08/21 21:32:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2012/08/21 20:33:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/21 16:50:55 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/21 16:50:55 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 15:07:27 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/19 22:52:53 | 000,442,560 | ---- | M] (Shlemoon Media Inc) -- C:\Documents and Settings\User\Application Data\fdmer.exe
[2012/08/19 22:52:50 | 000,525,312 | ---- | M] (BrowserSetter) -- C:\Documents and Settings\User\Application Data\bsetter-own.exe
[2012/08/19 22:52:47 | 000,457,789 | ---- | M] (Freedom Download Manager ) -- C:\Documents and Settings\User\Application Data\fdm-setup.exe
[2012/08/19 22:52:43 | 000,419,554 | ---- | M] (SearchAmong ) -- C:\Documents and Settings\User\Application Data\satoolbar.exe
[2012/08/19 16:48:30 | 000,067,568 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TV.JPG
[2012/08/17 20:55:24 | 006,260,697 | ---- | M] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 19:16:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/15 17:50:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 03:17:16 | 003,889,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 00:10:19 | 000,188,054 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,001,141 | ---- | M] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/14 23:37:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/05 19:59:36 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/03 18:10:01 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 20:28:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/26 20:28:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2012/08/26 20:28:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2012/08/22 21:51:19 | 001,696,865 | ---- | C] () -- C:\Documents and Settings\User\Desktop\learning_linkedin_from_the_experts_2012_april.pdf
[2012/08/22 21:51:16 | 001,620,121 | ---- | C] () -- C:\Documents and Settings\User\Desktop\how_to_attract_customers_with_twitter.pdf
[2012/08/22 21:51:10 | 001,457,574 | ---- | C] () -- C:\Documents and Settings\User\Desktop\guide_to_facebook_business_page_timelines.pdf
[2012/08/22 21:13:51 | 000,825,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\IMAG0158.jpg
[2012/08/22 17:34:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/21 21:34:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/08/19 16:48:37 | 000,067,568 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TV.JPG
[2012/08/17 20:55:22 | 006,260,697 | ---- | C] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 22:58:57 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/15 23:45:41 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2012/08/15 23:45:41 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/08/15 19:21:11 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minecraft.exe
[2012/08/15 17:50:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 17:50:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/08/15 17:50:10 | 000,578,048 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/15 17:50:10 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/15 17:50:10 | 000,030,707 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2012/08/15 17:50:10 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/08/15 17:50:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/08/15 11:55:52 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/08/15 00:24:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 00:10:07 | 000,188,054 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 23:37:13 | 000,001,141 | ---- | C] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/03 18:09:57 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/08/03 18:09:26 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/07/31 01:09:40 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/03 21:50:35 | 000,495,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/15 21:03:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/14 00:31:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/11/11 13:04:52 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\User\g2mdlhlpx.exe
[2010/10/04 10:14:19 | 000,102,248 | ---- | C] () -- C:\Documents and Settings\User\GoToAssistDownloadHelper.exe
[2010/09/26 17:54:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/26 17:54:05 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/26 17:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/26 17:53:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/26 17:49:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/09/26 17:49:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/26 17:49:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/26 17:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/09/26 17:46:24 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/23 16:10:00 | 000,096,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/23 15:24:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/09/23 15:24:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/08/31 09:11:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL
[2010/08/31 09:11:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL
[2010/08/31 09:10:56 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll
[2010/08/31 08:58:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll
[2010/08/31 08:58:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2010/06/08 07:47:16 | 000,058,202 | ---- | C] () -- C:\Program Files\Flash Professional CS5 Read Me.pdf
[2010/03/15 08:50:47 | 013,791,744 | ---- | C] () -- C:\Documents and Settings\User\BlackBerry_USB_and_Modem_Drivers_ENG.msi
[2008/12/10 14:24:42 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\User\Shortcut to Desktop.lnk
[2008/12/02 16:13:29 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/01/17 23:11:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/08/15 08:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/09/07 15:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2008/12/24 18:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/27 09:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
[2010/09/23 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/08/31 09:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro800-Pro900 Series
[2010/06/08 08:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/11 00:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/26 17:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/08/18 23:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/12/27 22:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/01 19:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Rite
[2012/08/01 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.minecraft
[2011/05/11 08:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2009/03/03 21:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Astute Graphics
[2009/06/14 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Atari
[2010/05/12 19:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Blender Foundation
[2009/04/09 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bump Technologies, Inc
[2011/02/11 00:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\calibre
[2009/02/18 17:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canon
[2010/06/08 12:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/20 20:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/14 23:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2010/03/10 14:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Facebook
[2012/07/26 23:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2009/03/07 18:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Filter Forge Freepack 1 - Metals
[2009/03/07 18:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Filter Forge Freepack 2 - Photo Effects
[2010/02/04 21:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FontCreator
[2009/03/29 16:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GarageGames
[2010/12/17 17:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/03/10 16:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient
[2011/05/30 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ImageDesktop.70A796F90E3A41D1B0A2F1D200C8BD1EF0788CF6.1
[2009/06/14 15:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/09/28 08:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LEGO Company
[2008/12/24 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
[2010/08/10 21:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OverDrive
[2012/04/29 21:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2010/08/31 09:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pro800-Pro900 Series
[2011/04/07 23:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Research In Motion
[2012/03/09 01:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SecondLife
[2012/07/26 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\svBuilder
[2010/06/10 18:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SWiSH Max3
[2011/04/07 14:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeamViewer
[2012/04/18 23:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2010/09/23 16:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/10/02 18:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Unity
[2010/05/13 08:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wings3D
[2010/08/29 00:03:09 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2012/08/23 12:30:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryConvoy.job
[2012/08/26 19:45:54 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/26 21:26:10 | 000,007,689 | ---- | M] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2012/08/26 21:25:48 | 000,007,788 | ---- | M] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
[2012/08/08 20:17:23 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2012/08/08 20:17:22 | 000,000,792 | ---- | M] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2012/08/08 20:17:21 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2012/08/08 20:17:20 | 000,000,825 | ---- | M] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2012/08/08 20:16:44 | 000,001,947 | ---- | M] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2012/07/18 22:32:19 | 000,000,528 | ---- | M] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/26 07:44:32 | 000,000,033 | ---- | M] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/26 07:44:31 | 000,000,033 | ---- | C] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/16 09:35:39 | 000,000,792 | ---- | C] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2010/08/16 09:35:39 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2010/08/16 09:35:38 | 000,000,825 | ---- | C] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2010/08/16 09:35:38 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2010/08/16 09:35:38 | 000,000,528 | ---- | C] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/15 20:12:04 | 000,001,947 | ---- | C] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2010/08/11 00:54:35 | 000,007,689 | ---- | C] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2010/08/11 00:54:34 | 000,007,788 | ---- | C] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Weather Watches & Warnings_...pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\V8049297.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Untitled-1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\typeface periodical chart.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\shadow.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ram 5500.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\pretty girls copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\openrangerv.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\New Image.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\GURPS_Lite_Fourth_Edition.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\frozen road.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Flash.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fireworks over Medicine Hat copy.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fence estimate by hillraisers.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fax cover sheet.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\dreidel1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\city chrysler card.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\CharacterSheet.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Cal - CMYK.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Boo!Planning.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Beezley.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\background01 copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Autumn_Leaves_Herbarium.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ark.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\10946_1273745001745_1173532228_30841053_6853930_n.jpg:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#6
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525,

OK, let's try something else.

Step One: Install Recovery Console

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

You will need your XP disk to perform this step. It's very important to install this before performing the next steps.

Instructions can be found here or here.

Step Two: Download and run ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it will produce a log for you.
  • Please include the log C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.


Step Three: Download and run TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step Four: How is your computer running?

Please let me know how your computer is running and what problems remain.



What I need in your next post:
1. The ComboFix log, C:\combofix.txt.
2. The TDSSKiller log, C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.
3. Let me know how your computer is running and what problems remain.

#7
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Re-opened at OP's request...

#9
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525, welcome back!! I will have updated instructions for you to follow shortly.

#10
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525,

ComboFix will install the recovery console automatically when you run it. This was broken when I posted the previous instructions to install it manually, but it has since been fixed.

Step One: Download and run ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it will produce a log for you.
  • Please include the log C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.


Step Two: Download and run TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step Three: How is your computer running?

Please let me know how your computer is running and what problems remain.



What I need in your next post:
1. The ComboFix log, C:\combofix.txt.
2. The TDSSKiller log, C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.
3. Let me know how your computer is running and what problems remain.


#11
jester1525

    Member

  • Topic Starter
  • Member
  • 21 posts
Thanks so much and I apologize for the delay.. apparently you CAN'T get old XP disks and make them work.. No idea.. this system is headed toward Windows 7 (or possibly Ubuntu) next year, but it's got to get me through till January..


Everything seemed to go swimmingly!

ComboFix Log


ComboFix 12-09-05.02 - User 09/05/2012 18:09:26.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2253 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\HelpAssistant\WINDOWS
c:\documents and settings\User\Application Data\fdm-setup.exe
c:\documents and settings\User\Application Data\Microsoft\AddIns\TM Randomize Slideshow\unins000.exe
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User\Application Data\PriceGong\Data\J.xml
c:\documents and settings\User\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User\Application Data\satoolbar.exe
c:\documents and settings\User\g2mdlhlpx.exe
c:\documents and settings\User\GoToAssistDownloadHelper.exe
c:\documents and settings\User\WINDOWS
C:\install.exe
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-05 07:56 . 2012-09-05 07:56 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D21B106-94DA-4004-A9C2-286309FAB7D1}\offreg.dll
2012-09-05 07:56 . 2012-09-05 07:56 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D21B106-94DA-4004-A9C2-286309FAB7D1}\MpKsldb61f44c.sys
2012-09-05 07:55 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D21B106-94DA-4004-A9C2-286309FAB7D1}\mpengine.dll
2012-09-04 23:41 . 2012-09-04 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Zeon
2012-09-04 08:00 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-27 02:30 . 2012-08-27 02:30 -------- d-----w- C:\_OTL
2012-08-23 21:32 . 2012-08-23 21:32 -------- d-----w- c:\program files\Citrix
2012-08-22 23:34 . 2012-08-22 23:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-20 04:52 . 2012-08-20 04:52 442560 ----a-w- c:\documents and settings\User\Application Data\fdmer.exe
2012-08-20 04:52 . 2012-08-20 04:54 -------- d-----w- c:\program files\Freedom Download Manager
2012-08-20 04:52 . 2012-08-20 04:52 525312 ----a-w- c:\documents and settings\User\Application Data\bsetter-own.exe
2012-08-19 04:57 . 2012-08-19 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-08-19 04:57 . 2012-08-19 04:57 -------- d-----w- c:\program files\Security Task Manager
2012-08-16 05:45 . 2008-07-08 14:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-08-16 05:45 . 2008-07-30 02:33 446464 ----a-w- c:\windows\system32\nvunrm.exe
2012-08-16 05:45 . 2008-07-30 02:33 446464 ----a-w- c:\windows\system32\nvuninst.exe
2012-08-16 01:14 . 2012-08-16 01:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-08-16 00:53 . 2012-08-16 00:53 -------- dc-h--w- c:\windows\ie8
2012-08-16 00:50 . 2012-07-02 17:49 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-08-16 00:31 . 2012-08-16 00:33 -------- d-----w- c:\documents and settings\temp
2012-08-16 00:18 . 2012-08-16 06:01 -------- d-----w- c:\documents and settings\Adam
2012-08-16 00:00 . 2012-08-16 00:00 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\ATI
2012-08-16 00:00 . 2012-08-16 00:00 -------- d-----w- c:\documents and settings\User\Application Data\ATI
2012-08-16 00:00 . 2012-08-16 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-08-15 23:51 . 2012-08-15 23:51 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-08-15 23:51 . 2009-08-19 12:05 100368 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2012-08-15 23:47 . 2012-08-15 23:52 -------- d-----w- c:\program files\ATI Technologies
2012-08-15 23:47 . 2012-08-15 23:47 -------- d-----w- c:\program files\ATI
2012-08-15 23:46 . 2012-08-15 23:46 -------- d-----w- C:\AMD
2012-08-15 17:59 . 2012-08-15 17:59 -------- d-----w- c:\windows\Performance
2012-08-15 17:58 . 2012-08-15 17:58 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Microsoft Corporation
2012-08-15 17:55 . 2012-08-15 17:55 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-08-15 06:20 . 2012-08-15 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-08-15 06:19 . 2012-08-15 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-08-15 05:36 . 2012-08-15 05:36 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-09 02:58 . 2012-08-09 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 23:52 . 2011-12-07 04:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 00:10 . 2012-08-04 00:10 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-07-06 13:58 . 2008-04-14 11:41 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-11-27 00:56 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 19:46 . 2009-12-22 05:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2008-04-14 07:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-08-26 18:11 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2010-06-24 12:15 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2008-08-26 18:11 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2010-06-23 12:08 385024 ------w- c:\windows\system32\html.iec
2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-07-20 19:54 . 2011-10-09 21:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-26 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 21:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 21:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 21:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 21:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"MusicManager"="c:\documents and settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK 11n USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK 11n USB Wireless LAN Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 23:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-05 13:09 136176 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-07-20 21:17 12218904 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
2005-06-16 23:36 3627520 ----a-w- c:\program files\ASUS\Ai Booster\OverClk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicManager]
2012-08-16 00:13 7316480 ----a-w- c:\documents and settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-21 03:03 719672 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 02:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X-Rite Legacy Device]
2010-08-11 02:09 105984 ----a-w- c:\program files\X-Rite\Devices\Lib\xritelegacyd.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\User\\My Documents\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Documents and Settings\\User\\My Documents\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"=
"c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RTLDHCP.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"7629:TCP"= 7629:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5454:TCP"= 5454:TCP:X-Rite Device Manager
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R1 MpKsldb61f44c;MpKsldb61f44c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D21B106-94DA-4004-A9C2-286309FAB7D1}\MpKsldb61f44c.sys [9/5/2012 1:56 AM 29904]
R2 i1 Pro Service;X-Rite Device i1 Pro;c:\program files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe [11/1/2010 7:31 PM 1578496]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/21/2009 11:55 PM 655944]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2/20/2009 6:01 PM 3032360]
R2 xritedeviced;X-Rite Device Manager;c:\program files\X-Rite\Devices\Services\xritedeviced.exe [11/1/2010 7:28 PM 141312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/21/2009 11:55 PM 22344]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2/20/2009 6:01 PM 15144]
S2 gupdate1c9915de151f2c0;Google Update Service (gupdate1c9915de151f2c0);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2009 6:14 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/22/2012 5:34 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2009 6:14 PM 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 9:02 PM 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtwlanu.sys [8/3/2012 6:09 PM 1270120]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 XPTWOPORT;XP TWO PORT Intermediate Driver;c:\windows\system32\drivers\XPTWOPORT.sys [8/3/2012 6:09 PM 15872]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 23:52]
.
2012-09-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-DEN-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-08 09:44]
.
2012-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 00:14]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 00:14]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 13:09]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 13:09]
.
2012-09-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 23:03]
.
2012-09-05 c:\windows\Tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job
- c:\windows\system32\msfeedssync.exe [2008-08-26 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchamong.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{2CCD4236-278F-41E7-BB2A-BBFEF7B0187B}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{407DEE13-CA4E-4EB2-ADD2-780776220F8D}: NameServer = 156.154.70.22,156.154.71.22
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: {395E58B9-090C-461A-8F27-087D1C727945} - hxxp://conference.rship.ca/joinie.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|https://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-TM Randomize Slideshow_is1 - c:\documents and settings\User\Application Data\Microsoft\AddIns\TM Randomize Slideshow\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-05 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b9,cb,b3,25,5a,55,0d,50,83,3d,13,d8,2d,31,a2,cc,88,26,a3,9a,76,db,91,
60,27,91,2d,8f,9a,cb,03,b9,dc,15,cf,2c,05,a6,25,32,38,03,a8,e5,bd,43,6e,5d,\
"??"=hex:a4,99,ff,e7,14,53,f3,ea,b3,b7,3d,e8,61,fa,cf,60
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-09-05 18:18:53
ComboFix-quarantined-files.txt 2012-09-06 00:18
.
Pre-Run: 217,448,718,336 bytes free
Post-Run: 218,188,541,952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 194B071494C6061C2ED5BFB96825C1A0

TDSSKiller Log:

18:21:04.0859 0204 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:21:05.0218 0204 ============================================================
18:21:05.0218 0204 Current date / time: 2012/09/05 18:21:05.0218
18:21:05.0218 0204 SystemInfo:
18:21:05.0218 0204
18:21:05.0218 0204 OS Version: 5.1.2600 ServicePack: 3.0
18:21:05.0218 0204 Product type: Workstation
18:21:05.0218 0204 ComputerName: DEN
18:21:05.0218 0204 UserName: User
18:21:05.0218 0204 Windows directory: C:\WINDOWS
18:21:05.0218 0204 System windows directory: C:\WINDOWS
18:21:05.0218 0204 Processor architecture: Intel x86
18:21:05.0218 0204 Number of processors: 4
18:21:05.0218 0204 Page size: 0x1000
18:21:05.0218 0204 Boot type: Normal boot
18:21:05.0218 0204 ============================================================
18:21:05.0515 0204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:21:05.0656 0204 Drive \Device\Harddisk6\DR7 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:21:05.0656 0204 ============================================================
18:21:05.0656 0204 \Device\Harddisk0\DR0:
18:21:05.0656 0204 MBR partitions:
18:21:05.0656 0204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:21:05.0656 0204 \Device\Harddisk6\DR7:
18:21:05.0656 0204 MBR partitions:
18:21:05.0656 0204 \Device\Harddisk6\DR7\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
18:21:05.0656 0204 ============================================================
18:21:05.0687 0204 C: <-> \Device\Harddisk0\DR0\Partition1
18:21:05.0687 0204 ============================================================
18:21:05.0687 0204 Initialize success
18:21:05.0687 0204 ============================================================
18:21:33.0453 0688 ============================================================
18:21:33.0453 0688 Scan started
18:21:33.0453 0688 Mode: Manual; SigCheck; TDLFS;
18:21:33.0453 0688 ============================================================
18:21:33.0875 0688 ================ Scan system memory ========================
18:21:33.0875 0688 System memory - ok
18:21:33.0890 0688 ================ Scan services =============================
18:21:34.0031 0688 Abiosdsk - ok
18:21:34.0031 0688 abp480n5 - ok
18:21:34.0078 0688 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:21:34.0359 0688 ACPI - ok
18:21:34.0390 0688 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:21:34.0468 0688 ACPIEC - ok
18:21:34.0500 0688 [ 651168B452DA256FA9E1AA172EF5BAC5 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:21:34.0562 0688 ADIHdAudAddService - ok
18:21:34.0703 0688 [ 14C23516C990DCD6052152CF034DDE40 ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
18:21:34.0718 0688 Adobe Version Cue CS3 - ok
18:21:34.0796 0688 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:34.0812 0688 AdobeFlashPlayerUpdateSvc - ok
18:21:34.0812 0688 adpu160m - ok
18:21:34.0812 0688 [ B4AFCC2F911939A1C16A26E7EBA7F36B ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
18:21:34.0843 0688 AEAudio - ok
18:21:34.0859 0688 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:21:34.0953 0688 aec - ok
18:21:34.0984 0688 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:21:35.0000 0688 AegisP ( UnsignedFile.Multi.Generic ) - warning
18:21:35.0000 0688 AegisP - detected UnsignedFile.Multi.Generic (1)
18:21:35.0031 0688 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:21:35.0062 0688 AFD - ok
18:21:35.0062 0688 Aha154x - ok
18:21:35.0062 0688 aic78u2 - ok
18:21:35.0062 0688 aic78xx - ok
18:21:35.0093 0688 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:21:35.0171 0688 Alerter - ok
18:21:35.0187 0688 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
18:21:35.0234 0688 ALG - ok
18:21:35.0250 0688 AliIde - ok
18:21:35.0250 0688 amsint - ok
18:21:35.0265 0688 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:21:35.0296 0688 AppMgmt - ok
18:21:35.0296 0688 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:21:35.0359 0688 Arp1394 - ok
18:21:35.0359 0688 asc - ok
18:21:35.0359 0688 asc3350p - ok
18:21:35.0359 0688 asc3550 - ok
18:21:35.0375 0688 [ C959989E2CE8DA9BDE8CAFDDBA84BADF ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
18:21:35.0375 0688 AsIO ( UnsignedFile.Multi.Generic ) - warning
18:21:35.0375 0688 AsIO - detected UnsignedFile.Multi.Generic (1)
18:21:35.0484 0688 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:21:35.0500 0688 aspnet_state - ok
18:21:35.0546 0688 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:21:35.0609 0688 AsyncMac - ok
18:21:35.0656 0688 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:21:35.0718 0688 atapi - ok
18:21:35.0718 0688 Atdisk - ok
18:21:35.0781 0688 [ 281D26DF656E53DAB568214EE282EC46 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:21:35.0812 0688 Ati HotKey Poller - ok
18:21:36.0031 0688 [ C2B6F2161ABD498D2B453050FFC81812 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:21:36.0250 0688 ati2mtag - ok
18:21:36.0312 0688 [ FAC04A8E09C8D70594382656D99772A3 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:21:36.0328 0688 AtiHdmiService - ok
18:21:36.0343 0688 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:21:36.0421 0688 Atmarpc - ok
18:21:36.0437 0688 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:21:36.0531 0688 AudioSrv - ok
18:21:36.0562 0688 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:21:36.0656 0688 audstub - ok
18:21:36.0687 0688 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:21:36.0765 0688 Beep - ok
18:21:36.0812 0688 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:21:36.0890 0688 BITS - ok
18:21:36.0921 0688 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:21:36.0921 0688 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
18:21:36.0921 0688 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
18:21:36.0968 0688 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
18:21:36.0984 0688 Browser - ok
18:21:37.0015 0688 [ 92A964547B96D697E5E9ED43B4297F5A ] BrScnUsb C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
18:21:37.0046 0688 BrScnUsb - ok
18:21:37.0062 0688 [ 1A5FC78E41840EDF79D65EC16EFF2787 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys
18:21:37.0078 0688 BrSerIf - ok
18:21:37.0093 0688 [ A24C7B39602218F8DBDB2B6704325FC7 ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys
18:21:37.0109 0688 BrUsbSer - ok
18:21:37.0234 0688 catchme - ok
18:21:37.0281 0688 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:21:37.0406 0688 cbidf2k - ok
18:21:37.0406 0688 cd20xrnt - ok
18:21:37.0421 0688 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:21:37.0500 0688 Cdaudio - ok
18:21:37.0500 0688 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:21:37.0578 0688 Cdfs - ok
18:21:37.0593 0688 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:21:37.0671 0688 Cdrom - ok
18:21:37.0671 0688 Changer - ok
18:21:37.0687 0688 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:21:37.0765 0688 CiSvc - ok
18:21:37.0781 0688 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:21:37.0843 0688 ClipSrv - ok
18:21:37.0937 0688 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:21:37.0953 0688 clr_optimization_v2.0.50727_32 - ok
18:21:37.0968 0688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:21:37.0984 0688 clr_optimization_v4.0.30319_32 - ok
18:21:37.0984 0688 CmdIde - ok
18:21:37.0984 0688 COMSysApp - ok
18:21:38.0000 0688 Cpqarray - ok
18:21:38.0015 0688 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:21:38.0093 0688 CryptSvc - ok
18:21:38.0093 0688 dac2w2k - ok
18:21:38.0093 0688 dac960nt - ok
18:21:38.0109 0688 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:21:38.0125 0688 DcomLaunch - ok
18:21:38.0125 0688 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:21:38.0203 0688 Dhcp - ok
18:21:38.0203 0688 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:21:38.0281 0688 Disk - ok
18:21:38.0281 0688 dmadmin - ok
18:21:38.0312 0688 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:21:38.0437 0688 dmboot - ok
18:21:38.0437 0688 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:21:38.0515 0688 dmio - ok
18:21:38.0531 0688 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:21:38.0593 0688 dmload - ok
18:21:38.0593 0688 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:21:38.0671 0688 dmserver - ok
18:21:38.0703 0688 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:21:38.0781 0688 DMusic - ok
18:21:38.0812 0688 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:21:38.0843 0688 Dnscache - ok
18:21:38.0859 0688 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:21:38.0937 0688 Dot3svc - ok
18:21:38.0937 0688 dpti2o - ok
18:21:38.0937 0688 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:21:39.0015 0688 drmkaud - ok
18:21:39.0031 0688 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:21:39.0109 0688 EapHost - ok
18:21:39.0109 0688 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:21:39.0187 0688 ERSvc - ok
18:21:39.0234 0688 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:21:39.0250 0688 Eventlog - ok
18:21:39.0265 0688 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
18:21:39.0281 0688 EventSystem - ok
18:21:39.0281 0688 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:21:39.0343 0688 Fastfat - ok
18:21:39.0375 0688 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:21:39.0375 0688 FastUserSwitchingCompatibility - ok
18:21:39.0390 0688 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:21:39.0468 0688 Fdc - ok
18:21:39.0484 0688 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:21:39.0546 0688 Fips - ok
18:21:39.0593 0688 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:21:39.0625 0688 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:21:39.0625 0688 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:21:39.0656 0688 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:21:39.0734 0688 Flpydisk - ok
18:21:39.0765 0688 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:21:39.0843 0688 FltMgr - ok
18:21:39.0937 0688 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:21:39.0953 0688 FontCache3.0.0.0 - ok
18:21:39.0984 0688 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:21:40.0062 0688 Fs_Rec - ok
18:21:40.0062 0688 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:21:40.0187 0688 Ftdisk - ok
18:21:40.0218 0688 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:21:40.0312 0688 Gpc - ok
18:21:40.0390 0688 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9915de151f2c0 C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:40.0406 0688 gupdate1c9915de151f2c0 - ok
18:21:40.0406 0688 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:21:40.0421 0688 gupdatem - ok
18:21:40.0437 0688 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:21:40.0531 0688 HDAudBus - ok
18:21:40.0562 0688 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:21:40.0656 0688 helpsvc - ok
18:21:40.0671 0688 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:21:40.0750 0688 HidServ - ok
18:21:40.0765 0688 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:21:40.0843 0688 hidusb - ok
18:21:40.0859 0688 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:21:40.0921 0688 hkmsvc - ok
18:21:40.0921 0688 hpn - ok
18:21:40.0984 0688 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:21:41.0000 0688 HTTP - ok
18:21:41.0015 0688 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:21:41.0093 0688 HTTPFilter - ok
18:21:41.0187 0688 [ 4F8EA28A0C78BDEB712F3784515136C2 ] i1 Pro Service C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe
18:21:41.0296 0688 i1 Pro Service ( UnsignedFile.Multi.Generic ) - warning
18:21:41.0296 0688 i1 Pro Service - detected UnsignedFile.Multi.Generic (1)
18:21:41.0312 0688 i2omgmt - ok
18:21:41.0312 0688 i2omp - ok
18:21:41.0312 0688 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
18:21:41.0406 0688 i8042prt - ok
18:21:41.0484 0688 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:21:41.0484 0688 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:21:41.0484 0688 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:21:41.0546 0688 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:21:41.0578 0688 idsvc - ok
18:21:41.0578 0688 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:21:41.0671 0688 Imapi - ok
18:21:41.0687 0688 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:21:41.0765 0688 ImapiService - ok
18:21:41.0765 0688 ini910u - ok
18:21:41.0765 0688 IntelIde - ok
18:21:41.0781 0688 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:21:41.0859 0688 intelppm - ok
18:21:41.0875 0688 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:21:41.0968 0688 Ip6Fw - ok
18:21:42.0000 0688 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:21:42.0062 0688 IpFilterDriver - ok
18:21:42.0078 0688 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:21:42.0140 0688 IpInIp - ok
18:21:42.0171 0688 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:21:42.0250 0688 IpNat - ok
18:21:42.0250 0688 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:21:42.0343 0688 IPSec - ok
18:21:42.0359 0688 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:21:42.0390 0688 IRENUM - ok
18:21:42.0421 0688 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:21:42.0484 0688 isapnp - ok
18:21:42.0625 0688 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:21:42.0640 0688 JavaQuickStarterService - ok
18:21:42.0656 0688 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:21:42.0750 0688 Kbdclass - ok
18:21:42.0765 0688 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:21:42.0843 0688 kbdhid - ok
18:21:42.0875 0688 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:21:42.0953 0688 kmixer - ok
18:21:42.0984 0688 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:21:43.0015 0688 KSecDD - ok
18:21:43.0046 0688 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
18:21:43.0093 0688 LanmanServer - ok
18:21:43.0140 0688 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:21:43.0187 0688 lanmanworkstation - ok
18:21:43.0187 0688 lbrtfdc - ok
18:21:43.0234 0688 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:21:43.0312 0688 LmHosts - ok
18:21:43.0343 0688 [ 04D3A71875699098AF856EE5F9F72AC3 ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
18:21:43.0343 0688 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:21:43.0343 0688 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:21:43.0375 0688 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
18:21:43.0375 0688 MBAMProtector - ok
18:21:43.0500 0688 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:21:43.0515 0688 MBAMService - ok
18:21:43.0562 0688 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:21:43.0625 0688 Messenger - ok
18:21:43.0640 0688 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:21:43.0718 0688 mnmdd - ok
18:21:43.0750 0688 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:21:43.0812 0688 mnmsrvc - ok
18:21:43.0859 0688 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:21:43.0953 0688 Modem - ok
18:21:43.0953 0688 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:21:44.0031 0688 Mouclass - ok
18:21:44.0062 0688 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:21:44.0140 0688 mouhid - ok
18:21:44.0140 0688 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:21:44.0218 0688 MountMgr - ok
18:21:44.0296 0688 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:21:44.0296 0688 MozillaMaintenance - ok
18:21:44.0312 0688 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:21:44.0328 0688 MpFilter - ok
18:21:44.0484 0688 [ A69630D039C38018689190234F866D77 ] MpKsldb61f44c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D21B106-94DA-4004-A9C2-286309FAB7D1}\MpKsldb61f44c.sys
18:21:44.0500 0688 MpKsldb61f44c - ok
18:21:44.0500 0688 mraid35x - ok
18:21:44.0500 0688 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:21:44.0578 0688 MRxDAV - ok
18:21:44.0609 0688 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:21:44.0625 0688 MRxSmb - ok
18:21:44.0656 0688 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:21:44.0718 0688 MSDTC - ok
18:21:44.0734 0688 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:21:44.0812 0688 Msfs - ok
18:21:44.0812 0688 MSIServer - ok
18:21:44.0843 0688 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:21:44.0921 0688 MSKSSRV - ok
18:21:45.0015 0688 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:21:45.0031 0688 MsMpSvc - ok
18:21:45.0062 0688 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:21:45.0140 0688 MSPCLOCK - ok
18:21:45.0156 0688 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:21:45.0250 0688 MSPQM - ok
18:21:45.0296 0688 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:21:45.0375 0688 mssmbios - ok
18:21:45.0406 0688 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:21:45.0437 0688 MTsensor - ok
18:21:45.0453 0688 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:21:45.0468 0688 Mup - ok
18:21:45.0500 0688 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:21:45.0562 0688 napagent - ok
18:21:45.0593 0688 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:21:45.0687 0688 NDIS - ok
18:21:45.0687 0688 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:21:45.0718 0688 NdisTapi - ok
18:21:45.0734 0688 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:21:45.0812 0688 Ndisuio - ok
18:21:45.0812 0688 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:21:45.0906 0688 NdisWan - ok
18:21:45.0937 0688 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:21:45.0937 0688 NDProxy - ok
18:21:45.0937 0688 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:21:46.0031 0688 NetBIOS - ok
18:21:46.0046 0688 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:21:46.0140 0688 NetBT - ok
18:21:46.0171 0688 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
18:21:46.0234 0688 NetDDE - ok
18:21:46.0250 0688 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:21:46.0312 0688 NetDDEdsdm - ok
18:21:46.0359 0688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:21:46.0437 0688 Netlogon - ok
18:21:46.0437 0688 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
18:21:46.0515 0688 Netman - ok
18:21:46.0546 0688 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:21:46.0546 0688 NetTcpPortSharing - ok
18:21:46.0578 0688 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:21:46.0671 0688 NIC1394 - ok
18:21:46.0687 0688 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:21:46.0718 0688 Nla - ok
18:21:46.0718 0688 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:21:46.0796 0688 Npfs - ok
18:21:46.0828 0688 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:21:46.0906 0688 Ntfs - ok
18:21:46.0906 0688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:21:46.0984 0688 NtLmSsp - ok
18:21:47.0000 0688 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:21:47.0078 0688 NtmsSvc - ok
18:21:47.0109 0688 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:21:47.0171 0688 Null - ok
18:21:47.0203 0688 [ 7D275ECDA4628318912F6C945D5CF963 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:21:47.0234 0688 NVENETFD - ok
18:21:47.0250 0688 [ FA740E97A0FE36E368C2299D9F3C01C1 ] nvgts C:\WINDOWS\system32\DRIVERS\nvgts.sys
18:21:47.0265 0688 nvgts - ok
18:21:47.0312 0688 [ B64AACEFAD2BE5BFF5353FE681253C67 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:21:47.0328 0688 nvnetbus - ok
18:21:47.0343 0688 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:21:47.0406 0688 NwlnkFlt - ok
18:21:47.0421 0688 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:21:47.0515 0688 NwlnkFwd - ok
18:21:47.0515 0688 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:21:47.0578 0688 ohci1394 - ok
18:21:47.0671 0688 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:47.0671 0688 ose - ok
18:21:47.0796 0688 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:21:47.0953 0688 osppsvc - ok
18:21:47.0968 0688 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:21:48.0031 0688 Parport - ok
18:21:48.0031 0688 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:21:48.0109 0688 PartMgr - ok
18:21:48.0140 0688 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:21:48.0218 0688 ParVdm - ok
18:21:48.0218 0688 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:21:48.0296 0688 PCI - ok
18:21:48.0312 0688 PciCon - ok
18:21:48.0312 0688 PCIDump - ok
18:21:48.0343 0688 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:21:48.0406 0688 PCIIde - ok
18:21:48.0421 0688 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:21:48.0500 0688 Pcmcia - ok
18:21:48.0500 0688 PDCOMP - ok
18:21:48.0500 0688 PDFRAME - ok
18:21:48.0500 0688 PDRELI - ok
18:21:48.0500 0688 PDRFRAME - ok
18:21:48.0515 0688 perc2 - ok
18:21:48.0515 0688 perc2hib - ok
18:21:48.0531 0688 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:21:48.0546 0688 PlugPlay - ok
18:21:48.0546 0688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:21:48.0625 0688 PolicyAgent - ok
18:21:48.0671 0688 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:21:48.0734 0688 PptpMiniport - ok
18:21:48.0734 0688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:21:48.0812 0688 ProtectedStorage - ok
18:21:48.0859 0688 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
18:21:48.0875 0688 ProtexisLicensing - ok
18:21:48.0875 0688 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:21:48.0953 0688 PSched - ok
18:21:48.0968 0688 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:21:49.0046 0688 Ptilink - ok
18:21:49.0062 0688 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:21:49.0078 0688 PxHelp20 - ok
18:21:49.0078 0688 ql1080 - ok
18:21:49.0078 0688 Ql10wnt - ok
18:21:49.0078 0688 ql12160 - ok
18:21:49.0078 0688 ql1240 - ok
18:21:49.0078 0688 ql1280 - ok
18:21:49.0093 0688 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:21:49.0171 0688 RasAcd - ok
18:21:49.0187 0688 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:21:49.0265 0688 RasAuto - ok
18:21:49.0281 0688 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:21:49.0359 0688 Rasl2tp - ok
18:21:49.0359 0688 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:21:49.0437 0688 RasMan - ok
18:21:49.0437 0688 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:21:49.0500 0688 RasPppoe - ok
18:21:49.0515 0688 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:21:49.0578 0688 Raspti - ok
18:21:49.0593 0688 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:21:49.0687 0688 Rdbss - ok
18:21:49.0703 0688 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:21:49.0765 0688 RDPCDD - ok
18:21:49.0812 0688 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:21:49.0890 0688 rdpdr - ok
18:21:49.0937 0688 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:21:49.0968 0688 RDPWD - ok
18:21:50.0000 0688 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:21:50.0078 0688 RDSessMgr - ok
18:21:50.0125 0688 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:21:50.0218 0688 redbook - ok
18:21:50.0234 0688 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:21:50.0312 0688 RemoteAccess - ok
18:21:50.0328 0688 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:21:50.0406 0688 RemoteRegistry - ok
18:21:50.0437 0688 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
18:21:50.0484 0688 RimUsb - ok
18:21:50.0500 0688 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
18:21:50.0531 0688 RimVSerPort - ok
18:21:50.0546 0688 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
18:21:50.0609 0688 ROOTMODEM - ok
18:21:50.0687 0688 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
18:21:50.0687 0688 Roxio UPnP Renderer 9 - ok
18:21:50.0703 0688 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
18:21:50.0718 0688 Roxio Upnp Server 9 - ok
18:21:50.0796 0688 [ 78E680A105F47B6AA0003BD23ED9FA51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
18:21:50.0812 0688 RoxLiveShare9 - ok
18:21:50.0843 0688 [ 9D5C024170C376D7CC66ED853FDA9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:21:50.0875 0688 RoxMediaDB9 - ok
18:21:50.0921 0688 [ 87F175539DBBA297018AA7FCDD563FF7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:21:50.0937 0688 RoxWatch9 - ok
18:21:50.0953 0688 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
18:21:51.0031 0688 RpcLocator - ok
18:21:51.0062 0688 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:21:51.0078 0688 RpcSs - ok
18:21:51.0093 0688 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:21:51.0171 0688 RSVP - ok
18:21:51.0203 0688 [ 7436BFD3A542CF6FF55097200031B293 ] RT73 C:\WINDOWS\system32\DRIVERS\rt73.sys
18:21:51.0218 0688 RT73 - ok
18:21:51.0281 0688 [ F705F7B6E187A7BAB9402902B08D8484 ] RTL8192cu C:\WINDOWS\system32\DRIVERS\rtwlanu.sys
18:21:51.0328 0688 RTL8192cu - ok
18:21:51.0343 0688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:21:51.0421 0688 SamSs - ok
18:21:51.0453 0688 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:21:51.0531 0688 SCardSvr - ok
18:21:51.0578 0688 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:21:51.0640 0688 Schedule - ok
18:21:51.0671 0688 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:21:51.0703 0688 Secdrv - ok
18:21:51.0718 0688 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:21:51.0781 0688 seclogon - ok
18:21:51.0843 0688 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
18:21:51.0875 0688 SenFiltService - ok
18:21:51.0875 0688 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
18:21:51.0953 0688 SENS - ok
18:21:51.0968 0688 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:21:52.0046 0688 Serial - ok
18:21:52.0062 0688 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:21:52.0140 0688 Sfloppy - ok
18:21:52.0203 0688 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:21:52.0296 0688 SharedAccess - ok
18:21:52.0328 0688 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:21:52.0328 0688 ShellHWDetection - ok
18:21:52.0328 0688 Simbad - ok
18:21:52.0343 0688 Sparrow - ok
18:21:52.0343 0688 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:21:52.0437 0688 splitter - ok
18:21:52.0437 0688 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:21:52.0453 0688 Spooler - ok
18:21:52.0484 0688 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:21:52.0515 0688 sr - ok
18:21:52.0546 0688 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:21:52.0578 0688 srservice - ok
18:21:52.0593 0688 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:21:52.0640 0688 Srv - ok
18:21:52.0656 0688 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:21:52.0687 0688 SSDPSRV - ok
18:21:52.0734 0688 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:21:52.0812 0688 stisvc - ok
18:21:52.0843 0688 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:21:52.0906 0688 swenum - ok
18:21:53.0062 0688 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:21:53.0062 0688 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:21:53.0062 0688 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:21:53.0109 0688 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:21:53.0203 0688 swmidi - ok
18:21:53.0203 0688 SwPrv - ok
18:21:53.0203 0688 symc810 - ok
18:21:53.0203 0688 symc8xx - ok
18:21:53.0203 0688 sym_hi - ok
18:21:53.0218 0688 sym_u3 - ok
18:21:53.0296 0688 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:21:53.0359 0688 sysaudio - ok
18:21:53.0406 0688 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:21:53.0500 0688 SysmonLog - ok
18:21:53.0609 0688 [ 5781D4C12D0D204447F9936D421C1B80 ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
18:21:53.0703 0688 TabletServicePen - ok
18:21:53.0718 0688 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:21:53.0796 0688 TapiSrv - ok
18:21:53.0843 0688 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:21:53.0859 0688 Tcpip - ok
18:21:53.0890 0688 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:21:53.0968 0688 TDPIPE - ok
18:21:53.0984 0688 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:21:54.0062 0688 TDTCP - ok
18:21:54.0062 0688 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:21:54.0140 0688 TermDD - ok
18:21:54.0187 0688 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:21:54.0265 0688 TermService - ok
18:21:54.0281 0688 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:21:54.0296 0688 Themes - ok
18:21:54.0328 0688 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:21:54.0375 0688 TlntSvr - ok
18:21:54.0375 0688 TosIde - ok
18:21:54.0375 0688 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:21:54.0468 0688 TrkWks - ok
18:21:54.0484 0688 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:21:54.0562 0688 Udfs - ok
18:21:54.0562 0688 ultra - ok
18:21:54.0578 0688 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:21:54.0656 0688 Update - ok
18:21:54.0671 0688 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:21:54.0718 0688 upnphost - ok
18:21:54.0734 0688 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:21:54.0796 0688 UPS - ok
18:21:54.0812 0688 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:21:54.0890 0688 usbccgp - ok
18:21:54.0906 0688 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:21:55.0000 0688 usbehci - ok
18:21:55.0015 0688 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:21:55.0109 0688 usbhub - ok
18:21:55.0140 0688 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:21:55.0203 0688 usbohci - ok
18:21:55.0218 0688 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:21:55.0281 0688 usbprint - ok
18:21:55.0312 0688 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:21:55.0375 0688 usbscan - ok
18:21:55.0375 0688 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:21:55.0453 0688 usbstor - ok
18:21:55.0484 0688 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
18:21:55.0546 0688 usb_rndisx - ok
18:21:55.0546 0688 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:21:55.0625 0688 VgaSave - ok
18:21:55.0625 0688 ViaIde - ok
18:21:55.0671 0688 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:21:55.0734 0688 VolSnap - ok
18:21:55.0765 0688 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:21:55.0796 0688 VSS - ok
18:21:55.0828 0688 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:21:55.0906 0688 W32Time - ok
18:21:55.0953 0688 [ 85F2115FEA646693C195C101E15F5667 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
18:21:55.0953 0688 wacmoumonitor - ok
18:21:55.0984 0688 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
18:21:55.0984 0688 wacommousefilter - ok
18:21:56.0015 0688 [ A45BC72E1BBF4286A58EF9B894871394 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
18:21:56.0015 0688 wacomvhid - ok
18:21:56.0046 0688 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
18:21:56.0046 0688 WacomVKHid - ok
18:21:56.0078 0688 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:21:56.0140 0688 Wanarp - ok
18:21:56.0203 0688 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:21:56.0218 0688 Wdf01000 - ok
18:21:56.0218 0688 WDICA - ok
18:21:56.0265 0688 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:21:56.0328 0688 wdmaud - ok
18:21:56.0359 0688 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:21:56.0421 0688 WebClient - ok
18:21:56.0515 0688 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:21:56.0578 0688 winmgmt - ok
18:21:56.0625 0688 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
18:21:56.0640 0688 WmdmPmSN - ok
18:21:56.0703 0688 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:21:56.0718 0688 Wmi - ok
18:21:56.0765 0688 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:21:56.0859 0688 WmiApSrv - ok
18:21:56.0953 0688 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:21:56.0984 0688 WMPNetworkSvc - ok
18:21:57.0000 0688 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:21:57.0015 0688 WpdUsb - ok
18:21:57.0093 0688 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:21:57.0125 0688 WPFFontCache_v0400 - ok
18:21:57.0156 0688 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:21:57.0218 0688 WS2IFSL - ok
18:21:57.0234 0688 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:21:57.0312 0688 wscsvc - ok
18:21:57.0328 0688 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:21:57.0406 0688 wuauserv - ok
18:21:57.0421 0688 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:21:57.0468 0688 WudfPf - ok
18:21:57.0484 0688 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:21:57.0515 0688 WudfRd - ok
18:21:57.0531 0688 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:21:57.0562 0688 WudfSvc - ok
18:21:57.0593 0688 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:21:57.0671 0688 WZCSVC - ok
18:21:57.0687 0688 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:21:57.0765 0688 xmlprov - ok
18:21:57.0781 0688 [ C36D1EE1F52E95BEEDEEA275AD8A48F7 ] XPTWOPORT C:\WINDOWS\system32\DRIVERS\XPTWOPORT.SYS
18:21:57.0812 0688 XPTWOPORT - ok
18:21:57.0859 0688 [ 500CFFB3AABE4AE94F8485BDFBA027FC ] xritedeviced C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe
18:21:57.0859 0688 xritedeviced ( UnsignedFile.Multi.Generic ) - warning
18:21:57.0859 0688 xritedeviced - detected UnsignedFile.Multi.Generic (1)
18:21:57.0875 0688 ================ Scan global ===============================
18:21:57.0906 0688 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:21:57.0953 0688 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:21:57.0968 0688 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:21:57.0968 0688 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:21:57.0968 0688 [Global] - ok
18:21:57.0968 0688 ================ Scan MBR ==================================
18:21:58.0000 0688 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:21:58.0015 0688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:21:58.0015 0688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:21:58.0062 0688 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR7
18:21:58.0187 0688 \Device\Harddisk6\DR7 - ok
18:21:58.0187 0688 ================ Scan VBR ==================================
18:21:58.0187 0688 [ 9317043D2B2B94065113028AA9DCA670 ] \Device\Harddisk0\DR0\Partition1
18:21:58.0187 0688 \Device\Harddisk0\DR0\Partition1 - ok
18:21:58.0187 0688 [ 3ECE403E7B1C0FE83AEAC0FDBB490637 ] \Device\Harddisk6\DR7\Partition1
18:21:58.0203 0688 \Device\Harddisk6\DR7\Partition1 - ok
18:21:58.0203 0688 ============================================================
18:21:58.0203 0688 Scan finished
18:21:58.0203 0688 ============================================================
18:21:58.0312 0132 Detected object count: 10
18:21:58.0312 0132 Actual detected object count: 10
18:22:29.0156 0132 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0156 0132 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0156 0132 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0156 0132 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0156 0132 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0156 0132 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0156 0132 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0156 0132 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0156 0132 i1 Pro Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0156 0132 i1 Pro Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0171 0132 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0171 0132 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0171 0132 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0171 0132 Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0171 0132 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0171 0132 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0171 0132 xritedeviced ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0171 0132 xritedeviced ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0500 0132 \Device\Harddisk0\DR0\# - copied to quarantine
18:22:29.0500 0132 \Device\Harddisk0\DR0 - copied to quarantine
18:22:29.0531 0132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:22:29.0531 0132 \Device\Harddisk0\DR0 - ok
18:22:29.0531 0132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:22:32.0390 3084 Deinitialize success
  • 0
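A triage sketch for a TDSSKiller log like the one posted above, added here as an example; it is not part of the original thread or of TDSSKiller itself. It separates the `UnsignedFile.Multi.Generic` warnings from `infected` verdicts, records the action chosen for each object, and checks the declared object count. The sample is an excerpt of the posted log with the count line adjusted to the excerpt, and all function and field names are assumptions.

```python
import re
from dataclasses import dataclass

# Excerpt of the TDSSKiller log posted above. "Detected object count" is
# adjusted to 3 so it matches this shortened excerpt (constructed sample).
SAMPLE_LOG = r"""
18:21:53.0062 0688 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
18:21:53.0062 0688 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
18:21:57.0859 0688 xritedeviced ( UnsignedFile.Multi.Generic ) - warning
18:21:57.0875 0688 ================ Scan global ===============================
18:21:57.0968 0688 [Global] - ok
18:21:57.0968 0688 ================ Scan MBR ==================================
18:21:58.0015 0688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:21:58.0015 0688 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:21:58.0187 0688 \Device\Harddisk6\DR7 - ok
18:21:58.0187 0688 ================ Scan VBR ==================================
18:21:58.0187 0688 \Device\Harddisk0\DR0\Partition1 - ok
18:21:58.0203 0688 Scan finished
18:21:58.0312 0132 Detected object count: 3
18:22:29.0171 0132 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0171 0132 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0171 0132 xritedeviced ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:29.0171 0132 xritedeviced ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:29.0531 0132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:22:29.0531 0132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
"""

# "<time> <thread id> <message>" prefix used on every log line.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+([0-9A-Fa-f]{4})\s+(.*)$")
# "<object> ( <detection> ) - <verdict, action or outcome>"
TAGGED = re.compile(r"^(?P<obj>.+?) \( (?P<det>[^()]+) \) - (?P<rest>.+)$")
SECTION = re.compile(r"^=+ (Scan \w+) =+$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str
    detection: str
    section: str = ""             # scan phase in which the verdict appeared
    verdict: str = "unknown"      # "warning" or "infected"
    action: str = "none"          # user's choice, e.g. Skip or Cure
    pending_reboot: bool = False  # cure is only applied at next boot


def parse(log_text):
    """Return (findings, declared_count) from TDSSKiller-style log text."""
    findings, declared, section = {}, None, ""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if SECTION.match(msg):
            section = SECTION.match(msg).group(1)
        elif COUNT.match(msg):
            declared = int(COUNT.match(msg).group(1))
        elif TAGGED.match(msg):
            t = TAGGED.match(msg)
            f = findings.setdefault((t["obj"], t["det"]),
                                    Finding(t["obj"], t["det"]))
            rest = t["rest"]
            if rest in ("warning", "infected"):
                f.verdict, f.section = rest, section
            elif rest.startswith("User select action: "):
                f.action = rest.split(": ", 1)[1]
            elif rest == "will be cured on reboot":
                f.pending_reboot = True
    return list(findings.values()), declared


def triage(findings, declared=None):
    """Separate what still needs attention from informational warnings."""
    return {
        # Infected objects the user did not choose to cure.
        "unresolved": [f for f in findings
                       if f.verdict == "infected" and f.action != "Cure"],
        # Cures that are not in effect until the machine restarts.
        "reboot": [f for f in findings if f.pending_reboot],
        # Unsigned-file warnings: not a malware verdict by themselves.
        "unsigned_only": [f for f in findings if f.verdict == "warning"
                          and f.detection.startswith("UnsignedFile.")],
        "count_ok": declared is None or declared == len(findings),
    }


if __name__ == "__main__":
    found, declared = parse(SAMPLE_LOG)
    for name, value in triage(found, declared).items():
        print(name, value)
```
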

#12
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525,

One or more of the identified infections has backdoor capabilities. These programs can steal passwords and other sensitive information from your computer.

If you use this computer for internet banking or bill paying I recommend that you immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From an uninfected computer, change ALL your online passwords for email, banks, financial accounts, PayPal, eBay, online companies, and any online forum or group that you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


It will not be possible to be 100% certain that this machine will be clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only sure answer.

Please read the following articles for more information:
If you wish to reformat, please let me know in your next response. I'll continue with instructions for cleaning if that's the route you wish to take.

Step One: Submit Files to VirSCAN File Scanner

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\dllcache\jsdbgui.dll
    • c:\windows\system32\sfcfiles.dll
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step Two: Run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    /md5start
    jsdbgui.dll
    sfcfiles.dll
    /md5stop
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Three: Download and run Security Check by screen317

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step Four: How is your computer running?

Please let me know how your computer is running and if any problems remain.

What I need in your next post:
1. The reports generated by VirSCAN.
2. The OTL log, otl.txt.
3. The Security Check report, checkup.txt.
4. Let me know how your computer is running.

#13
jester1525

    Member

  • Topic Starter
  • 21 posts
Wow - that's not good..

I'll have to check with the wife and see what we want to do.. I'm guessing I'll be formatting, but let's at least get all the way through this.. as much as I'd like to just dump everything and toss on Windows 7, I have to deal with a few things first.


VirSCAN.org Scanned Report :
Scanned time : 2012/09/09 23:27:31 (MDT)
Scanner results: Scanners did not find malware!
File Name : jsdbgui.dll
File Size : 521728 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : b500d82589dcd9714e690117f7ba3e28
SHA1 : 24192379d91d41527354813781339d2e02356a65
Online report : http://r.virscan.org...5c881b8ceecd2ab

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120910120126 2012-09-10 7.71 -
AhnLab V3 2012.09.10.00 2012.09.10 2012-09-10 2.42 -
AntiVir 8.2.10.150 7.11.41.132 2012-09-01 0.23 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.30 -
Arcavir 2011 201206041805 2012-06-04 4.64 -
Authentium 5.1.1 201209090949 2012-09-09 1.51 -
AVAST! 4.7.4 120909-1 2012-09-09 0.29 -
AVG 12.0.1787 2437/5259 2012-09-09 0.32 -
BitDefender 7.90123.7581891 7.43374 2012-09-09 4.15 -
ClamAV 0.97.5 15334 2012-09-10 0.52 -
Comodo 5.1 13487 2012-09-08 2.44 -
CP Secure 1.3.0.5 2012.09.09 2012-09-09 0.26 -
Dr.Web 7.0.3.7130 2012.09.10 2012-09-10 20.34 -
F-Prot 4.6.2.117 20120909 2012-09-09 1.25 -
F-Secure 7.02.73807 2012.09.09.06 2012-09-09 0.40 -
Fortinet 4.3.392 16.375 2012-09-08 0.15 -
GData 22.6041 20120910 2012-09-10 5.89 -
ViRobot 20120908 2012.09.08 2012-09-08 0.38 -
Ikarus T3.1.32.20.0 2012.09.10.82236 2012-09-10 9.05 -
JiangMin 13.0.900 2012.09.10 2012-09-10 2.14 -
Kaspersky 5.5.10 2012.09.09 2012-09-09 0.47 -
KingSoft 2009.2.5.15 2012.9.10.9 2012-09-10 0.87 -
McAfee 5400.1158 6830 2012-09-09 9.42 -
Microsoft 1.8704 2012.09.10 2012-09-10 3.97 -
NOD32 3.0.21 7460 2012-09-09 0.22 -
Norman 6.8.3 201208311030 2012-08-31 0.00 -
Panda 9.05.01 2012.09.07 2012-09-07 2.74 -
Trend Micro 9.500-1005 9.382.05 2012-09-09 0.30 -
Quick Heal 11.00 2012.09.08 2012-09-08 1.12 -
Rising 20.0 24.26.03.03 2012-09-06 2.93 -
Sophos 3.34.0 4.80 2012-09-10 7.11 -
Sunbelt 3.9.2545.2 12992 2012-09-09 0.88 -
Symantec 1.3.0.24 20120909.008 2012-09-09 0.62 -
nProtect 20120910.01 11991388 2012-09-10 1.51 -
The Hacker 6.8.0.0 v00091 2012-09-09 0.64 -
VBA32 3.12.18.1 20120908.1113 2012-09-08 3.75 -
VirusBuster 5.5.2.13 15.0.184.0/9738092 2012-09-09 0.20 -

VirSCAN.org Scanned Report :
Scanned time : 2012/03/14 23:41:36 (MDT)
Scanner results: Scanners did not find malware!
File Name : sfcfiles.dll
File Size : 1614848 byte
File Type : PE32 executable for MS Windows (DLL) (console) Intel 80386 3
MD5 : 362bc5af8eaf712832c58cc13ae05750
SHA1 : c8c2d44f34115f27f10bc435dd986d4eff00fe3f
Online report : http://r.virscan.org...5614f0bf52d40b0

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120315100247 2012-03-15 0.83 -
AhnLab V3 2012.03.14.03 2012.03.14 2012-03-14 4.27 -
AntiVir 8.2.8.44 7.11.21.199 2012-01-27 0.24 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.48 -
Arcavir 2011 201203110115 2012-03-11 5.20 -
Authentium 5.1.1 201203141913 2012-03-14 1.53 -
AVAST! 4.7.4 120314-1 2012-03-14 0.44 -
AVG 12.0.1782 2114/4870 2012-03-14 0.27 -
BitDefender 7.90123.7034436 7.41439 2012-03-15 3.66 -
ClamAV 0.97.3 14651 2012-03-15 0.41 -
Comodo 5.1 11794 2012-03-14 6.44 -
CP Secure 1.3.0.5 2012.03.15 2012-03-15 0.52 -
Dr.Web 7.0.0.11250 2012.03.12 2012-03-12 13.09 -
F-Prot 4.6.2.117 20120315 2012-03-15 0.89 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 0.31 -
Fortinet 4.3.392 15.314 2012-03-14 0.78 -
GData 22.4233 20120315 2012-03-15 8.62 -
ViRobot 20120314 2012.03.14 2012-03-14 0.42 -
Ikarus T3.1.32.20.0 2012.03.15.80727 2012-03-15 6.14 -
JiangMin 13.0.900 2012.03.14 2012-03-14 4.45 -
Kaspersky 5.5.10 2012.03.14 2012-03-14 0.30 -
KingSoft 2009.2.5.15 2012.3.15.9 2012-03-15 1.80 -
McAfee 5400.1158 6649 2012-03-14 10.08 -
Microsoft 1.8101 2012.03.15 2012-03-15 4.93 -
NOD32 3.0.21 6841 2012-01-30 0.17 -
Panda 9.05.01 2012.03.13 2012-03-13 1.86 -
Trend Micro 9.500-1005 8.836.05 2012-03-14 0.24 -
Quick Heal 11.00 2012.03.15 2012-03-15 2.81 -
Rising 20.0 24.01.03.01 2012-03-15 4.24 -
Sophos 3.29.0 4.75 2012-03-15 5.07 -
Sunbelt 3.9.2530.2 11666 2012-03-14 1.13 -
Symantec 1.3.0.24 20120313.002 2012-03-13 0.70 -
nProtect 20120314.01 11019913 2012-03-14 2.53 -
The Hacker 6.7.0.1 v00425 2012-03-13 0.94 -
VBA32 3.12.16.4 20120314.1139 2012-03-14 3.71 -
VirusBuster 5.4.1.9 14.1.262.0/8127532 2012-03-15 0.20 -

OTL logfile created on: 9/9/2012 11:39:40 PM - Run 5
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.09% Memory free
3.86 Gb Paging File | 2.55 Gb Available in Paging File | 65.96% Paging File free
Paging file location(s): C:\pagefile.sys 1046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 201.43 Gb Free Space | 43.25% Space Free | Partition Type: NTFS
Drive I: | 7.44 Gb Total Space | 6.31 Gb Free Space | 84.79% Space Free | Partition Type: FAT32

Computer Name: DEN | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 23:43:23 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/29 20:58:46 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 20:33:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/08/15 18:13:54 | 007,316,480 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe
PRC - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe
PRC - [2009/07/08 12:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/07/08 12:29:34 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/05/01 16:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/29 20:58:45 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 20:58:44 | 012,237,336 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 20:58:42 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 20:57:15 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 20:57:13 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 20:57:12 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/08/15 18:02:40 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/08/15 18:02:30 | 000,231,936 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/08/15 18:01:44 | 000,231,936 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/08/15 18:01:38 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/08/15 17:52:20 | 000,241,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3548.36915__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3548.36920__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3548.36918__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:20 | 000,009,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3548.36919__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3548.36921__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:19 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012/08/15 17:52:19 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3548.36913__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3548.36918__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012/08/15 17:52:19 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3548.36914__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:18 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:18 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3548.36912__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:17 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/08/15 17:52:16 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/08/15 17:52:15 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/08/15 17:52:14 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/08/15 17:52:13 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/08/15 17:52:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/08/15 17:52:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/08/15 17:52:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3531.24556__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012/08/15 17:52:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/08/15 17:52:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2012/08/15 17:52:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/08/15 17:52:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/08/15 17:52:11 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/08/15 17:52:11 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/08/15 17:52:10 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/08/15 17:52:10 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/08/15 17:52:10 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/08/15 17:52:10 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/08/15 17:52:10 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/08/15 17:52:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/08/15 17:52:10 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/08/15 17:52:10 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/08/15 17:52:09 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/08/15 17:52:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/08/15 17:52:09 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/08/15 17:52:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/08/15 17:52:08 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/08/15 17:52:07 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2012/08/15 17:52:07 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2012/08/15 17:37:40 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2012/08/15 17:37:24 | 010,683,392 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2012/08/15 17:37:22 | 007,741,952 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtGui4.dll
MOD - [2012/08/15 17:37:22 | 001,681,408 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2012/08/15 17:37:20 | 002,248,192 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/06/13 03:33:16 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 03:28:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:27:47 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 03:24:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/11 03:21:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 03:17:39 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/11 03:16:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 03:14:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 03:14:21 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/08 07:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 12:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 12:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/26 02:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXECPMON.DLL
MOD - [2009/08/28 16:08:26 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/08/11 21:18:28 | 000,497,664 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.acm
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2009/01/13 09:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXECoem.dll
MOD - [2008/04/14 05:42:44 | 000,148,992 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:54 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/09/06 23:43:23 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/22 17:52:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 13:54:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/20 10:36:38 | 001,578,496 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\i1Pro\i1ProDeviceService.exe -- (i1 Pro Service)
SRV - [2010/08/10 20:08:54 | 000,141,312 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files\X-Rite\Devices\Services\xritedeviced.exe -- (xritedeviced)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/05 09:17:40 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/11/30 01:30:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/01 16:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/09 04:30:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/12 19:29:22 | 001,270,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtwlanu.sys -- (RTL8192cu)
DRV - [2011/01/26 23:34:32 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/09/28 07:50:50 | 000,015,872 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XPTWOPORT.sys -- (XPTWOPORT)
DRV - [2009/08/19 06:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/01 18:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/03/17 14:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/02/01 18:12:36 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008/02/01 18:12:36 | 000,004,962 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2008/01/15 14:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/08/09 13:11:40 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 18:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/03/18 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchamong.com
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca...g}&sourceid=ie7
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook...www.google.ca/"
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/28 08:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/06 23:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/08/08 20:59:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2009/03/05 11:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/15 23:20:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions
[2009/09/09 08:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2011/11/28 23:30:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/03/15 17:57:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/22 07:53:04 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2012/05/16 22:19:48 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/26 19:16:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2010/10/22 07:53:05 | 000,000,000 | ---D | M] (AnyColor) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2011/03/19 12:02:12 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\[email protected]
[2012/07/26 22:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\SeaMonkey\Profiles\t5o8xgjp.default\extensions
[2009/10/21 07:42:14 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\ask.xml
[2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
[2012/09/05 20:59:20 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\surf-canyon.xml
[2012/09/05 20:59:20 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\wot-safe-search.xml
[2009/10/21 07:42:14 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\yahoo.xml
[2011/11/13 19:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/15 23:20:42 | 000,166,004 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.XPI
[2011/10/10 13:20:18 | 000,254,273 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/08/09 23:22:55 | 000,045,226 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012/02/12 22:44:02 | 000,061,854 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QM52WCGA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/20 13:54:25 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\logging.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 19:03:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Hide My [bleep]! Web Proxy = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.5_0\
CHR - Extension: Google+ = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: PageEdit = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic\0.0.28_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Air Hockey = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\4.0.0_0\
CHR - Extension: LastPass = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: MarkUp = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hooflclkcdjfidkpcammhdghekaohjfa\1.2.0_0\
CHR - Extension: goo.gl URL Shortener = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: Google Play = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Evernote Web = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Bookmarks = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnedccijmniojgaehpjebjfpkmafecho\0.6.1_0\
CHR - Extension: +Photo Zoom = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola\0.1.0.29_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: SwiftPreview = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nphfkpgklibhnhgegdblhnhicgfginnj\2.1.3_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Psykopaint = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Google Reader = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/09/05 18:15:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003..\Run: [MusicManager] C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {395E58B9-090C-461A-8F27-087D1C727945} http://conference.rship.ca/joinie.cab (Web Conferencing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1227746001859 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CCD4236-278F-41E7-BB2A-BBFEF7B0187B}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407DEE13-CA4E-4EB2-ADD2-780776220F8D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B45EF8D-71DB-4BDB-BA84-A895D63AFD3C}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/26 18:59:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012/09/09 04:30:03 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/06 23:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/09/06 23:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/06 23:43:46 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/06 23:43:46 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/06 23:43:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/06 23:43:34 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/06 23:43:34 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/06 22:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\media-militia-lens-flares
[2012/09/05 21:11:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/05 18:22:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/05 18:20:53 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2012/09/05 18:02:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/05 17:59:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/05 17:59:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/05 17:59:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/05 17:59:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/05 17:59:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/05 17:59:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/05 17:55:05 | 004,743,773 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/09/04 17:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2012/08/27 20:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\table and chairs
[2012/08/26 20:30:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/26 20:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/08/23 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/08/22 17:34:55 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/21 21:32:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2012/08/19 22:52:51 | 000,442,560 | ---- | C] (Shlemoon Media Inc) -- C:\Documents and Settings\User\Application Data\fdmer.exe
[2012/08/19 22:52:48 | 000,525,312 | ---- | C] (BrowserSetter) -- C:\Documents and Settings\User\Application Data\bsetter-own.exe
[2012/08/19 22:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Download Manager
[2012/08/18 22:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/08/18 22:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2012/08/18 22:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/08/15 23:45:40 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2012/08/15 23:45:40 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuninst.exe
[2012/08/15 18:53:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/15 18:50:41 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ATI
[2012/08/15 18:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2012/08/15 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\ATI Problem Report Wizard
[2012/08/15 17:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Catalyst Control Center
[2012/08/15 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/08/15 17:51:13 | 000,100,368 | ---- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2012/08/15 17:50:10 | 017,252,352 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2012/08/15 17:50:10 | 006,406,656 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/08/15 17:50:10 | 006,406,656 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2012/08/15 17:50:10 | 004,636,672 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2012/08/15 17:50:10 | 004,029,824 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/08/15 17:50:10 | 002,673,280 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/08/15 17:50:10 | 000,847,872 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/08/15 17:50:10 | 000,651,264 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2012/08/15 17:50:10 | 000,483,328 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2012/08/15 17:50:10 | 000,462,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2012/08/15 17:50:10 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2012/08/15 17:50:10 | 000,302,080 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/08/15 17:50:10 | 000,294,912 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODE.exe
[2012/08/15 17:50:10 | 000,212,992 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2012/08/15 17:50:10 | 000,196,608 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2012/08/15 17:50:10 | 000,188,416 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2012/08/15 17:50:10 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2012/08/15 17:50:10 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2012/08/15 17:50:10 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2012/08/15 17:50:10 | 000,064,512 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2012/08/15 17:50:10 | 000,057,344 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2012/08/15 17:50:10 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2012/08/15 17:50:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2012/08/15 17:50:10 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2012/08/15 17:50:10 | 000,045,056 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIODCLI.exe
[2012/08/15 17:50:10 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2012/08/15 17:50:10 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2012/08/15 17:50:10 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2012/08/15 17:50:10 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2012/08/15 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/08/15 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/08/15 17:46:16 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/15 11:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/08/15 11:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft Corporation
[2012/08/15 11:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/08/15 00:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/08/15 00:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/08/15 00:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/08/15 00:10:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/08/15 00:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/14 23:36:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012/08/14 23:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Music
[2012/08/14 23:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\jpg, ai, png etc
[2012/08/08 20:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\QuickTime
[2012/08/08 20:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/08/08 19:09:15 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/03 18:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/08/03 18:09:56 | 000,015,872 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\XPTWOPORT.sys
[2012/08/03 18:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/08/03 18:09:45 | 001,270,120 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\rtwlanu.sys
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/08/03 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/07/30 22:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Music Manager
[2012/07/30 22:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Programs
[2012/07/26 22:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\FileZilla
[2012/07/26 22:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\FileZilla FTP Client
[2012/07/26 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/07/26 22:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\svBuilder
[2012/07/26 22:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\svBuilder
[2012/07/26 22:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\SeaMonkey
[2012/07/26 22:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2012/07/18 21:50:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\My Documents\Google Drive
[2012/07/18 21:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Google Drive
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/09/09 23:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/09 23:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003UA.job
[2012/09/09 23:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 23:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 23:39:56 | 000,854,156 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2012/09/09 23:24:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/09 13:49:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1417001333-1801674531-1003Core.job
[2012/09/09 04:48:02 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AB64F500-7EC3-4490-A99E-ECE2065DE0B3}.job
[2012/09/09 04:30:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/09 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DEN-User.job
[2012/09/09 01:48:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/08 00:31:20 | 111,354,454 | ---- | M] () -- C:\Documents and Settings\User\Desktop\jeep evolution shirt.psd
[2012/09/07 15:06:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/06 23:43:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/06 23:43:22 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/06 23:43:22 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/06 23:43:22 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/06 23:43:22 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/06 23:43:21 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/06 23:43:21 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/05 20:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/05 18:20:50 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\tdsskiller.exe
[2012/09/05 18:15:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/05 18:02:15 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/09/05 17:54:50 | 004,743,773 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2012/09/04 23:14:49 | 000,099,624 | ---- | M] () -- C:\Documents and Settings\User\Desktop\building.jpg
[2012/09/04 23:00:08 | 000,073,765 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Port-Ludlow-1.jpg
[2012/09/04 01:07:29 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/02 20:51:01 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/09/02 20:51:01 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/26 21:51:46 | 001,372,804 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Statement for Police-2012.jpg
[2012/08/26 21:49:29 | 001,424,129 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Statement for Police-2012.pdf
[2012/08/26 20:28:22 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/26 20:28:09 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2012/08/26 20:28:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2012/08/22 21:51:18 | 001,696,865 | ---- | M] () -- C:\Documents and Settings\User\Desktop\learning_linkedin_from_the_experts_2012_april.pdf
[2012/08/22 21:51:14 | 001,620,121 | ---- | M] () -- C:\Documents and Settings\User\Desktop\how_to_attract_customers_with_twitter.pdf
[2012/08/22 21:51:06 | 001,457,574 | ---- | M] () -- C:\Documents and Settings\User\Desktop\guide_to_facebook_business_page_timelines.pdf
[2012/08/22 21:13:45 | 000,825,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\IMAG0158.jpg
[2012/08/22 17:52:29 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/22 17:52:29 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/21 21:34:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/08/21 21:32:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\User\Desktop\aswMBR.exe
[2012/08/21 20:33:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/19 22:52:53 | 000,442,560 | ---- | M] (Shlemoon Media Inc) -- C:\Documents and Settings\User\Application Data\fdmer.exe
[2012/08/19 22:52:50 | 000,525,312 | ---- | M] (BrowserSetter) -- C:\Documents and Settings\User\Application Data\bsetter-own.exe
[2012/08/19 16:48:30 | 000,067,568 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TV.JPG
[2012/08/17 20:55:24 | 006,260,697 | ---- | M] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 03:01:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 19:16:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/15 17:50:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 03:17:16 | 003,889,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 00:10:19 | 000,188,054 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,001,141 | ---- | M] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/14 23:37:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 23:36:05 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2012/08/05 19:59:36 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/26 22:10:05 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/09 23:39:58 | 000,854,156 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2012/09/08 00:31:16 | 111,354,454 | ---- | C] () -- C:\Documents and Settings\User\Desktop\jeep evolution shirt.psd
[2012/09/05 17:59:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/05 17:59:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/05 17:59:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/05 17:59:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/05 17:59:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/04 23:14:53 | 000,099,624 | ---- | C] () -- C:\Documents and Settings\User\Desktop\building.jpg
[2012/09/04 23:00:12 | 000,073,765 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Port-Ludlow-1.jpg
[2012/08/26 21:51:46 | 001,372,804 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Statement for Police-2012.jpg
[2012/08/26 21:49:36 | 001,424,129 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Statement for Police-2012.pdf
[2012/08/26 20:28:22 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/26 20:28:09 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2012/08/26 20:28:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2012/08/22 21:51:19 | 001,696,865 | ---- | C] () -- C:\Documents and Settings\User\Desktop\learning_linkedin_from_the_experts_2012_april.pdf
[2012/08/22 21:51:16 | 001,620,121 | ---- | C] () -- C:\Documents and Settings\User\Desktop\how_to_attract_customers_with_twitter.pdf
[2012/08/22 21:51:10 | 001,457,574 | ---- | C] () -- C:\Documents and Settings\User\Desktop\guide_to_facebook_business_page_timelines.pdf
[2012/08/22 21:13:51 | 000,825,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\IMAG0158.jpg
[2012/08/22 17:34:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/21 21:34:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2012/08/19 16:48:37 | 000,067,568 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TV.JPG
[2012/08/17 20:55:22 | 006,260,697 | ---- | C] () -- C:\Documents and Settings\User\Desktop\seaworld.JPG
[2012/08/16 22:58:57 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2012/08/15 23:45:41 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2012/08/15 23:45:41 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/08/15 19:21:11 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Minecraft.exe
[2012/08/15 17:50:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/08/15 17:50:10 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/08/15 17:50:10 | 000,578,048 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/15 17:50:10 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/08/15 17:50:10 | 000,030,707 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2012/08/15 17:50:10 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012/08/15 17:50:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/08/15 11:55:52 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/08/15 00:24:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/08/15 00:10:07 | 000,188,054 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20120815_001004.reg
[2012/08/14 23:37:14 | 000,000,404 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/08/14 23:37:13 | 000,001,141 | ---- | C] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012/08/03 18:09:26 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/07/31 01:09:40 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/26 22:40:29 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\svBuilder.lnk
[2012/07/26 22:10:05 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/06/03 21:50:35 | 000,495,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/15 21:03:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/01/14 00:31:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010/09/26 17:54:05 | 000,000,244 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/26 17:54:05 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/26 17:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/26 17:53:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/26 17:49:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/09/26 17:49:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/26 17:49:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/26 17:49:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010/09/26 17:46:24 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/23 16:10:00 | 000,096,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/23 15:24:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/09/23 15:24:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/06/08 07:47:16 | 000,058,202 | ---- | C] () -- C:\Program Files\Flash Professional CS5 Read Me.pdf
[2010/03/15 08:50:47 | 013,791,744 | ---- | C] () -- C:\Documents and Settings\User\BlackBerry_USB_and_Modem_Drivers_ENG.msi
[2008/12/10 14:24:42 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\User\Shortcut to Desktop.lnk
[2008/12/02 16:13:29 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: JSDBGUI.DLL >
[2009/03/08 04:35:02 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=33DB6E706FD3A2271033C5D29B3D6F76 -- C:\WINDOWS\ie8updates\KB2722913-IE8\jsdbgui.dll
[2012/07/02 11:48:20 | 000,522,240 | ---- | M] (Microsoft Corporation) MD5=4361C69024FF681D5EF3ECB895EA0AE4 -- C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\jsdbgui.dll
[2012/07/02 11:49:32 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=B500D82589DCD9714E690117F7BA3E28 -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2012/07/02 11:49:32 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=B500D82589DCD9714E690117F7BA3E28 -- C:\WINDOWS\system32\dllcache\jsdbgui.dll

< MD5 for: SFCFILES.DLL >
[2008/08/26 12:11:36 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=362BC5AF8EAF712832C58CC13AE05750 -- C:\WINDOWS\system32\sfcfiles.dll

========== Files - Unicode (All) ==========
[2012/09/09 23:24:55 | 000,008,184 | ---- | M] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2012/09/09 23:24:43 | 000,008,283 | ---- | M] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz
[2012/08/08 20:17:23 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2012/08/08 20:17:22 | 000,000,792 | ---- | M] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2012/08/08 20:17:21 | 000,000,759 | ---- | M] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2012/08/08 20:17:20 | 000,000,825 | ---- | M] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2012/08/08 20:16:44 | 000,001,947 | ---- | M] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2012/07/18 22:32:19 | 000,000,528 | ---- | M] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/26 07:44:32 | 000,000,033 | ---- | M] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/26 07:44:31 | 000,000,033 | ---- | C] ()(C:\WINDOWS\System32\??j) -- C:\WINDOWS\System32\漀ѽj
[2010/08/16 09:35:39 | 000,000,792 | ---- | C] ()(C:\WINDOWS\System32\??r) -- C:\WINDOWS\System32\脀Ѹr
[2010/08/16 09:35:39 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??p) -- C:\WINDOWS\System32\脀Ѹp
[2010/08/16 09:35:38 | 000,000,825 | ---- | C] ()(C:\WINDOWS\System32\??x) -- C:\WINDOWS\System32\Ѹx
[2010/08/16 09:35:38 | 000,000,759 | ---- | C] ()(C:\WINDOWS\System32\??h) -- C:\WINDOWS\System32\漀ѽh
[2010/08/16 09:35:38 | 000,000,528 | ---- | C] ()(C:\Documents and Settings\User\??x) -- C:\Documents and Settings\User\Ѹx
[2010/08/15 20:12:04 | 000,001,947 | ---- | C] ()(C:\WINDOWS\System32\??z) -- C:\WINDOWS\System32\�Ѹz
[2010/08/11 00:54:35 | 000,008,184 | ---- | C] ()(C:\Documents and Settings\User\??j) -- C:\Documents and Settings\User\漀ѽj
[2010/08/11 00:54:34 | 000,008,283 | ---- | C] ()(C:\Documents and Settings\User\??z) -- C:\Documents and Settings\User\�Ѹz

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Weather Watches & Warnings_...pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\V8049297.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Untitled-1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\typeface periodical chart.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_2.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart_Page_1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Silas Beezley Desc Chart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\shadow.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ram 5500.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\pretty girls copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\openrangerv.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\New Image.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\GURPS_Lite_Fourth_Edition.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\frozen road.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Flash.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fireworks over Medicine Hat copy.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fence estimate by hillraisers.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\fax cover sheet.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\dreidel1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\city chrysler card.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\CharacterSheet.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Cal - CMYK.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Boo!Planning.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Beezley.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\background01 copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\Autumn_Leaves_Herbarium.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\ark.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\User\My Documents\10946_1273745001745_1173532228_30841053_6853930_n.jpg:Roxio EMC Stream

< End of report >

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 22
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#14
jester1525

    Member

  • Topic Starter
  • 21 posts
Oops - Forgot to update..

The computer is running MUCH better.. still crash Photoshop & Illustrator every other time I run them but did a fairly big design project the other day and went 4+ hours without a single slowdown (which I couldn't do before..)

I am still getting the pop up window about trying to close down a random program like (BB4.exe or whatever.. it changes every time) so I'm guessing that's a program that shouldn't be running..

I'll start the process with my bank.. I checked on a different computer and there isn't anything amiss at the moment, but I'll still be contacting them.

Thanks for the help - just let me know what I need to do next!

#15
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi jester1525,

Step One: Uninstall Programs

Go to Start->Settings->Control Panel->Add or Remove Programs.
Remove the following programs if they are listed:

Java™ 6 Update 22



Step Two: OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchamong.com
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1060933
    [2011/11/28 23:30:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    [2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
    O3 - HKU\S-1-5-21-1606980848-1417001333-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    
    Add unicode files here!!!!!!!
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Three: Update and Run Malwarebytes' Anti-Malware


  • Run Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Select the Check for Updates button.
  • Select the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Four: ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Step Five: How is your computer running?

I am still getting the pop up window about trying to close down a random program like (BB4.exe or whatever.. it changes every time) so I'm guessing that's a program that shouldn't be running..

Is this still happening after performing the above steps? What other problems remain?

What I need in your next post:
1. The log from the OTL fix.
2. The log from the MBAM scan.
3. The log from ESET Online Scanner, C:\Program Files\EsetOnlineScanner\log.txt.
4. Let me know what problems remain.
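A pasted fix script like the one in Step Two can be reviewed before it is run. The following is an added example, not part of the original post and not OTL's own code: it splits a script into its `:` sections and flags any line that matches none of the entry shapes seen in this post. The function names, the patterns and the shortened sample (with a placeholder URL) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened script in the shape shown in the post.
# The URL is a placeholder, not a value from the page.
SAMPLE = r"""
:OTL
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://example.invalid/search
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
[2010/10/20 15:40:12 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\qm52wcga.default\searchplugins\conduit.xml
Add unicode files here!!!!!!!

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
"""

# Line shapes taken from the script in the post (assumed, not an OTL spec).
SECTION = re.compile(r"^:(\w+)$")                          # :OTL, :Files, ...
REGISTRY = re.compile(r"^(IE|O\d+) - ")                    # IE - ..., O4 - ...
FILE_ENTRY = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\] .*-- .+")
DIRECTIVE = re.compile(r"^\[\w+\]$")                       # [purity], ...

def classify(section, line):
    """Label one non-blank line according to the section it sits in."""
    if section is None:
        return "outside-section"
    if section == "OTL":
        if REGISTRY.match(line):
            return "registry"
        return "file" if FILE_ENTRY.match(line) else "unrecognized"
    if section == "Commands":
        return "directive" if DIRECTIVE.match(line) else "unrecognized"
    return "entry"  # :Files, :Reg, :Services lines are kept as-is

def parse_fix(text):
    """Return {section: [(kind, line), ...]} in script order."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current]  # keep empty sections visible
            continue
        sections[current].append((classify(current, line), line))
    return dict(sections)

def needs_review(parsed):
    """Lines a reviewer should look at before the script is run."""
    return [line for items in parsed.values() for kind, line in items
            if kind in ("unrecognized", "outside-section")]
```
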