Help with annoying Hacktool pls! [Solved]


#1
jhey0214

I don't know how I got this virus or something (idp.hacktool.b87c2318), but it keeps popping up on my AVG antivirus every time I log on to my laptop.
I scanned my whole system with AVG antivirus and I got 28 threats.
Please help me, I'm getting frustrated lol ; ;

I've read a similar topic, but it's closed.
This is my OTL... and I attached it too. Thanks in advance!

OTL logfile created on: 12/28/2012 11:40:46 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = X:\Users\Levi\Desktop\Mozilla D
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.90 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 44.61% Memory free
15.80 Gb Paging File | 11.83 Gb Available in Paging File | 74.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = X: | %SystemRoot% = X:\Windows | %ProgramFiles% = X:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 417.02 Gb Free Space | 89.55% Space Free | Partition Type: NTFS
Drive X: | 465.76 Gb Total Space | 386.36 Gb Free Space | 82.95% Space Free | Partition Type: NTFS

Computer Name: LEVI-PC | User Name: Levi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/28 21:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- X:\Users\Levi\Desktop\Mozilla D\OTL.exe
PRC - [2012/12/26 18:06:54 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- X:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- X:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/12 18:33:21 | 000,916,960 | ---- | M] (Mozilla Corporation) -- X:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/12 18:01:59 | 003,093,624 | ---- | M] () -- X:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- X:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- X:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- X:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- X:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/31 14:49:16 | 000,088,576 | ---- | M] () -- X:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
PRC - [2012/01/04 14:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- X:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- X:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- X:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/11/02 17:30:16 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- X:\Program Files (x86)\S-Bar\MSIService.exe
PRC - [2011/08/29 16:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- X:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- X:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/01/19 10:08:30 | 001,600,512 | ---- | M] (SQUARE ENIX CO., LTD.) -- C:\Program Files\Square Enix\SquareEnix\PlayOnlineViewer\pol.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/26 18:06:54 | 014,586,296 | ---- | M] () -- X:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012/12/13 12:25:17 | 000,487,424 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll
MOD - [2012/12/13 12:25:17 | 000,014,336 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll
MOD - [2012/12/13 12:23:44 | 001,670,144 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4a29fb5e489e57ccc97b19ca70db94a8\Microsoft.VisualBasic.ni.dll
MOD - [2012/12/13 12:13:02 | 011,833,344 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/12/13 12:12:58 | 000,771,584 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/12/13 12:12:49 | 014,340,608 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/12/13 12:12:40 | 012,436,480 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/12/13 12:12:36 | 001,591,808 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/12/13 12:12:32 | 012,237,824 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/12/13 12:12:24 | 003,347,968 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/12/13 12:12:18 | 005,452,800 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/12/13 12:12:15 | 000,971,264 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/12/13 12:12:13 | 007,988,736 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/12/13 12:11:58 | 011,493,376 | ---- | M] () -- X:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/12/12 18:33:21 | 002,397,152 | ---- | M] () -- X:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/12 18:01:59 | 003,093,624 | ---- | M] () -- X:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012/05/03 06:56:00 | 000,004,096 | ---- | M] () -- X:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2012/01/31 14:49:16 | 000,088,576 | ---- | M] () -- X:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 21:58:42 | 000,492,032 | ---- | M] () [Auto | Running] -- X:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV:64bit: - [2011/12/08 10:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- X:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2011/12/08 10:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- X:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/12/08 10:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- X:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/12/08 10:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- X:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/12/05 09:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- X:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/05 08:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- X:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- X:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/26 18:06:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- X:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- X:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/12 18:33:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- X:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/03 10:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- X:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- X:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- X:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- X:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/12 01:24:26 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- X:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/12/07 02:38:10 | 002,429,544 | R--- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- X:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- X:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/11/02 17:30:16 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- X:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- X:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- X:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- X:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/12 19:51:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- X:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/03 10:47:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- X:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- X:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- X:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- X:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- X:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- X:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- X:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- X:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/07 21:59:46 | 000,075,880 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- X:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)
DRV:64bit: - [2012/03/07 21:59:44 | 000,161,616 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\e22W7x64.sys -- (L1C)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- X:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 06:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/01/04 14:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 14:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 14:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- X:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011/12/06 03:14:38 | 000,339,048 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/12/05 14:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/05 09:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/12/05 09:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/01 22:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- X:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- X:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- X:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- X:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- X:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = X:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 7E 90 18 33 DE CD 01 [binary data]
IE - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: X:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: X:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: X:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: X:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: X:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: X:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: X:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: X:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: X:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: X:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: X:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: X:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: X:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: X:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: X:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: X:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: X:\Program Files (x86)\Mozilla Firefox\components [2012/12/12 18:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: X:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: X:\Program Files (x86)\Mozilla Firefox\components [2012/12/12 18:33:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: X:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/12 17:29:09 | 000,000,000 | ---D | M] (No name found) -- X:\Users\Levi\AppData\Roaming\Mozilla\Extensions
[2012/12/23 00:12:40 | 000,000,000 | ---D | M] (No name found) -- X:\Users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\ti694k4o.default\extensions
[2012/12/13 22:07:38 | 000,000,000 | ---D | M] (DownloadHelper) -- X:\Users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\ti694k4o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/12/27 20:27:04 | 000,000,000 | ---D | M] (No name found) -- X:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/27 20:27:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- X:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/12 18:33:21 | 000,262,112 | ---- | M] (Mozilla Foundation) -- X:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- X:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- X:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: Google Drive = X:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = X:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = X:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = X:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = X:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Gmail = X:\Users\Levi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - X:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - X:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - X:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - X:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - X:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - X:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - X:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] X:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] X:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] X:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] X:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] X:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\15CA8E2.vbe ()
O4 - HKLM..\Run: [AVG_UI] X:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] X:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [THX Audio Control Panel] X:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] X:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] X:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VGAOCAP] X:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] X:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] X:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000..\Run: [Pando Media Booster] X:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3530946022-1083507349-3103345942-1001..\Run: [Sidebar] X:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] X:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] X:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3530946022-1083507349-3103345942-1001..\RunOnce: [mctadmin] X:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3530946022-1083507349-3103345942-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - X:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - X:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - X:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - X:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - X:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - X:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - X:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - X:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - X:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - X:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - X:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - X:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96382C36-95ED-47B4-BA86-ADE5869DE9F8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - X:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - X:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - X:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (X:\Windows\system32\nvinitx.dll) - X:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (X:\Windows\SysWOW64\nvinit.dll) - X:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - X:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (X:\Windows\system32\userinit.exe) - X:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - X:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - X:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - X:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06a2244f-44ba-11e2-b812-8c89a504755e}\Shell - "" = AutoRun
O33 - MountPoints2\{06a2244f-44ba-11e2-b812-8c89a504755e}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{d82194ac-44bc-11e2-a0e5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d82194ac-44bc-11e2-a0e5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/28 23:20:16 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\AVG2013
[2012/12/28 23:19:53 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/12/28 23:19:31 | 000,000,000 | -H-D | C] -- X:\$AVG
[2012/12/28 23:19:31 | 000,000,000 | ---D | C] -- X:\ProgramData\AVG2013
[2012/12/28 23:19:14 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\AVG
[2012/12/28 23:18:13 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Avg2013
[2012/12/28 23:04:57 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/28 23:03:13 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Google
[2012/12/28 23:03:12 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Google
[2012/12/28 23:03:05 | 000,285,328 | ---- | C] (AVAST Software) -- X:\Windows\SysNative\aswBoot.exe
[2012/12/28 23:02:44 | 000,000,000 | ---D | C] -- X:\ProgramData\AVAST Software
[2012/12/28 23:02:44 | 000,000,000 | ---D | C] -- X:\Program Files\AVAST Software
[2012/12/28 22:03:21 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOnline
[2012/12/28 19:08:58 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Stardock
[2012/12/28 19:04:31 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\GameStop
[2012/12/28 19:04:30 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Stardock
[2012/12/28 19:04:26 | 000,000,000 | ---D | C] -- X:\ProgramData\Gibraltar
[2012/12/28 19:04:21 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameStop
[2012/12/28 19:04:21 | 000,000,000 | ---D | C] -- X:\ProgramData\GameStop
[2012/12/28 19:04:15 | 000,000,000 | -H-D | C] -- X:\ProgramData\{3C9242AC-2350-4CF1-8F66-199117FA2174}
[2012/12/28 19:03:33 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\PackageAware
[2012/12/28 19:03:22 | 000,000,000 | ---D | C] -- X:\ProgramData\Stardock
[2012/12/28 11:13:41 | 000,000,000 | ---D | C] -- X:\ProgramData\Grisoft
[2012/12/27 20:26:59 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Skype
[2012/12/27 20:26:56 | 000,000,000 | R--D | C] -- X:\Program Files (x86)\Skype
[2012/12/27 20:26:56 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/27 20:26:56 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Skype
[2012/12/27 20:26:54 | 000,000,000 | ---D | C] -- X:\ProgramData\Skype
[2012/12/27 03:11:39 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\ElevatedDiagnostics
[2012/12/27 03:11:07 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\TERA-Diagnostic
[2012/12/27 00:23:10 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/12/27 00:23:09 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\TERA
[2012/12/27 00:19:02 | 000,000,000 | ---D | C] -- X:\Users\Levi\Documents\Amazon Downloader Logs
[2012/12/26 19:13:02 | 000,000,000 | ---D | C] -- X:\ProgramData\TERA
[2012/12/26 18:06:55 | 000,000,000 | ---D | C] -- X:\ProgramData\McAfee
[2012/12/26 17:30:43 | 000,000,000 | ---D | C] -- X:\Temp
[2012/12/25 22:19:59 | 000,000,000 | ---D | C] -- X:\Users\Levi\Documents\PCSX2
[2012/12/25 22:19:35 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2012/12/25 22:19:34 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\PCSX2 0.9.8
[2012/12/25 17:19:19 | 000,000,000 | ---D | C] -- X:\Users\Levi\Tracing
[2012/12/25 17:17:28 | 000,000,000 | ---D | C] -- X:\Windows\en
[2012/12/25 17:17:14 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/12/25 17:16:57 | 000,000,000 | R--D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/12/25 17:16:56 | 000,000,000 | ---D | C] -- X:\Windows\SysNative\DRVSTORE
[2012/12/25 17:16:55 | 000,000,000 | ---D | C] -- X:\Program Files\Windows Live
[2012/12/25 17:16:44 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Windows Live
[2012/12/25 17:15:20 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft SkyDrive
[2012/12/25 17:15:19 | 000,000,000 | R--D | C] -- X:\Users\Levi\SkyDrive
[2012/12/25 17:15:16 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft SkyDrive
[2012/12/25 17:14:48 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Windows Live
[2012/12/25 17:14:44 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Windows Live
[2012/12/25 12:45:42 | 000,000,000 | ---D | C] -- X:\Users\Levi\dwhelper
[2012/12/23 00:11:13 | 000,000,000 | ---D | C] -- X:\Windows\SysWow64\directx
[2012/12/22 23:51:01 | 000,000,000 | ---D | C] -- X:\ProgramData\YTD Video Downloader
[2012/12/22 23:50:59 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/12/22 23:50:58 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\GreenTree Applications
[2012/12/22 22:32:03 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\fltk.org
[2012/12/19 22:49:00 | 000,000,000 | ---D | C] -- X:\ProgramData\Yahoo! Companion
[2012/12/19 22:49:00 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Yahoo!
[2012/12/19 22:48:51 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/12/19 22:48:50 | 000,000,000 | ---D | C] -- X:\ProgramData\Yahoo!
[2012/12/19 22:48:13 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Yahoo!
[2012/12/18 15:05:36 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\AGEIA Technologies
[2012/12/17 15:50:44 | 000,000,000 | -H-D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\xSIMS.de
[2012/12/16 15:14:04 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Adobe
[2012/12/16 13:53:31 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TS3 Install Helper Monkey
[2012/12/16 13:53:31 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Mad Scientist Productions
[2012/12/16 12:30:30 | 000,000,000 | ---D | C] -- X:\Windows\Sun
[2012/12/15 03:12:53 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Media Player Classic
[2012/12/15 00:00:39 | 000,000,000 | ---D | C] -- X:\ProgramData\Electronic Arts
[2012/12/14 23:56:28 | 000,000,000 | ---D | C] -- X:\Users\Levi\Documents\Electronic Arts
[2012/12/14 23:55:14 | 000,447,752 | ---- | C] (On2.com) -- X:\Windows\SysWow64\vp6vfw.dll
[2012/12/14 23:55:11 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft WSE
[2012/12/14 23:49:52 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Electronic Arts
[2012/12/14 23:41:24 | 000,000,000 | ---D | C] -- X:\Users\Levi\Desktop\Mozilla D
[2012/12/14 20:22:50 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Adobe
[2012/12/14 20:21:47 | 000,000,000 | ---D | C] -- X:\ProgramData\Adobe
[2012/12/14 20:02:49 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\WinRAR
[2012/12/14 20:02:49 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/12/14 20:02:49 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/12/13 12:12:13 | 000,000,000 | ---D | C] -- X:\Windows\SysWow64\Wat
[2012/12/13 12:12:13 | 000,000,000 | ---D | C] -- X:\Windows\SysNative\Wat
[2012/12/13 12:05:09 | 000,000,000 | ---D | C] -- X:\Users\Levi\Documents\School Files
[2012/12/12 20:26:53 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\MotioninJoy
[2012/12/12 20:26:51 | 000,121,416 | ---- | C] (MotioninJoy) -- X:\Windows\SysNative\drivers\MijXfilt.sys
[2012/12/12 20:26:51 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012/12/12 20:15:34 | 000,000,000 | ---D | C] -- X:\Users\Levi\Documents\Nexus Mod Manager
[2012/12/12 20:15:34 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Black_Tree_Gaming
[2012/12/12 20:15:29 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/12/12 20:11:44 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Skyrim
[2012/12/12 20:11:44 | 000,000,000 | ---D | C] -- X:\Users\Levi\Documents\My Games
[2012/12/12 20:03:52 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2012/12/12 19:53:58 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Real
[2012/12/12 19:53:57 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Real
[2012/12/12 19:51:56 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/12/12 19:51:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- X:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/12 19:51:34 | 000,000,000 | ---D | C] -- X:\ProgramData\Real
[2012/12/12 19:51:31 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\DAEMON Tools Lite
[2012/12/12 19:51:30 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\OpenCandy
[2012/12/12 19:50:36 | 000,000,000 | ---D | C] -- X:\ProgramData\DAEMON Tools Lite
[2012/12/12 19:37:26 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/12/12 19:37:21 | 000,000,000 | ---D | C] -- X:\Program Files\Common Files\DESIGNER
[2012/12/12 19:36:59 | 000,000,000 | ---D | C] -- X:\Program Files\Microsoft Synchronization Services
[2012/12/12 19:36:49 | 000,000,000 | ---D | C] -- X:\Windows\PCHEALTH
[2012/12/12 19:36:49 | 000,000,000 | ---D | C] -- X:\Program Files\Microsoft SQL Server Compact Edition
[2012/12/12 19:35:02 | 000,000,000 | ---D | C] -- X:\Windows\Prefetch
[2012/12/12 19:34:26 | 000,000,000 | ---D | C] -- X:\Program Files\Microsoft Analysis Services
[2012/12/12 19:34:26 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft Analysis Services
[2012/12/12 19:34:08 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Microsoft Help
[2012/12/12 19:34:07 | 000,000,000 | ---D | C] -- X:\Program Files\Microsoft Office
[2012/12/12 19:34:07 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft Office
[2012/12/12 19:34:07 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft Help
[2012/12/12 19:33:51 | 000,000,000 | RH-D | C] -- X:\MSOCache
[2012/12/12 19:33:31 | 000,000,000 | ---D | C] -- X:\Windows\panther
[2012/12/12 19:30:15 | 000,000,000 | ---D | C] -- X:\Windows.old
[2012/12/12 19:05:08 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\LolClient
[2012/12/12 18:47:21 | 000,000,000 | ---D | C] -- X:\Riot Games
[2012/12/12 18:47:21 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/12/12 18:05:22 | 000,000,000 | ---D | C] -- X:\NVIDIA
[2012/12/12 18:02:02 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\PMB Files
[2012/12/12 18:02:02 | 000,000,000 | ---D | C] -- X:\ProgramData\PMB Files
[2012/12/12 18:01:56 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Pando Networks
[2012/12/12 18:01:46 | 000,000,000 | ---D | C] -- X:\Users\Levi\.swt
[2012/12/12 17:58:25 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/12 17:58:25 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft Silverlight
[2012/12/12 17:57:32 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\BitTorrent
[2012/12/12 17:56:53 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\BitTorrent
[2012/12/12 17:56:40 | 000,000,000 | ---D | C] -- X:\ProgramData\Sun
[2012/12/12 17:56:39 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Java
[2012/12/12 17:56:23 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Java
[2012/12/12 17:55:24 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/12/12 17:55:21 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\K-Lite Codec Pack
[2012/12/12 17:54:36 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Programs
[2012/12/12 17:52:29 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/12 17:52:29 | 000,000,000 | ---D | C] -- X:\Program Files\CCleaner
[2012/12/12 17:51:45 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Macromedia
[2012/12/12 17:51:45 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Macromedia
[2012/12/12 17:51:45 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Adobe
[2012/12/12 17:51:39 | 000,000,000 | ---D | C] -- X:\Windows\SysWow64\Macromed
[2012/12/12 17:51:38 | 000,000,000 | ---D | C] -- X:\Windows\SysNative\Macromed
[2012/12/12 17:47:51 | 000,000,000 | ---D | C] -- X:\ProgramData\WinZip
[2012/12/12 17:41:43 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\TuneUp Software
[2012/12/12 17:38:05 | 000,000,000 | -H-D | C] -- X:\ProgramData\Common Files
[2012/12/12 17:38:05 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\MFAData
[2012/12/12 17:38:05 | 000,000,000 | ---D | C] -- X:\ProgramData\MFAData
[2012/12/12 17:30:46 | 000,000,000 | ---D | C] -- X:\Windows\pss
[2012/12/12 17:29:04 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Mozilla
[2012/12/12 17:29:04 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Mozilla
[2012/12/12 17:29:01 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/12 17:29:01 | 000,000,000 | ---D | C] -- X:\ProgramData\Mozilla
[2012/12/12 17:28:59 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Mozilla Firefox
[2012/12/12 17:27:41 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Micro-Star_International_
[2012/12/12 17:24:47 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\MSI
[2012/12/12 17:23:03 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012/12/12 17:23:01 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Creative
[2012/12/12 17:22:26 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camera Recorder
[2012/12/12 17:22:26 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Camera Recorder
[2012/12/12 17:21:49 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\S-Bar
[2012/12/12 17:21:49 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\S-Bar
[2012/12/12 17:20:13 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Microsoft.NET
[2012/12/12 17:14:11 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Intel Corporation
[2012/12/12 17:12:41 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Intel Corporation
[2012/12/12 17:11:53 | 000,000,000 | ---D | C] -- X:\Windows\SysWow64\NV
[2012/12/12 17:11:53 | 000,000,000 | ---D | C] -- X:\Windows\SysNative\NV
[2012/12/12 17:09:55 | 000,000,000 | R--D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/12/12 17:09:37 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\InstallShield
[2012/12/12 17:07:02 | 000,000,000 | -H-D | C] -- X:\Windows\SysNative\WLANProfiles
[2012/12/12 17:06:53 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Intel
[2012/12/12 17:06:44 | 000,000,000 | ---D | C] -- X:\Users\Levi\Roaming
[2012/12/12 17:06:44 | 000,000,000 | ---D | C] -- X:\ProgramData\Roaming
[2012/12/12 17:06:17 | 000,000,000 | R--D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/12/12 17:06:12 | 000,000,000 | ---D | C] -- X:\ProgramData\Intel
[2012/12/12 17:06:12 | 000,000,000 | ---D | C] -- X:\Program Files\Intel
[2012/12/12 17:06:12 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Cisco
[2012/12/12 17:05:02 | 000,000,000 | ---D | C] -- X:\Windows\SysWow64\sda
[2012/12/12 17:04:06 | 000,000,000 | ---D | C] -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
[2012/12/12 17:04:03 | 000,000,000 | ---D | C] -- X:\Program Files\Qualcomm Atheros
[2012/12/12 17:04:03 | 000,000,000 | ---D | C] -- X:\ProgramData\Bigfoot Networks
[2012/12/12 17:02:31 | 000,000,000 | -HSD | C] -- X:\Windows\Installer
[2012/12/12 17:01:50 | 000,000,000 | ---D | C] -- X:\Windows\SysWow64\RTCOM
[2012/12/12 17:01:50 | 000,000,000 | ---D | C] -- X:\Program Files\Realtek
[2012/12/12 17:01:40 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- X:\Windows\SysNative\WavesGUILib.dll
[2012/12/12 17:01:40 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- X:\Windows\SysNative\SRSTSX64.dll
[2012/12/12 17:01:40 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- X:\Windows\SysNative\SRSTSH64.dll
[2012/12/12 17:01:40 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- X:\Windows\SysNative\SRSWOW64.dll
[2012/12/12 17:01:39 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- X:\Windows\SysNative\SRSHP64.dll
[2012/12/12 17:01:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- X:\Windows\SysNative\RTEEP64A.dll
[2012/12/12 17:01:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- X:\Windows\SysNative\RP3DHT64.dll
[2012/12/12 17:01:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- X:\Windows\SysNative\RP3DAA64.dll
[2012/12/12 17:01:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- X:\Windows\SysNative\RTEED64A.dll
[2012/12/12 17:01:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- X:\Windows\SysNative\RTEEL64A.dll
[2012/12/12 17:01:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- X:\Windows\SysNative\RTEEG64A.dll
[2012/12/12 17:01:32 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- X:\Windows\SysNative\MaxxAudioEQ.dll
[2012/12/12 17:01:32 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- X:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012/12/12 17:01:32 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- X:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/12/12 17:01:27 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- X:\Windows\SysNative\FMAPO64.dll
[2012/12/12 17:01:25 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Realtek
[2012/12/12 17:01:24 | 000,000,000 | -H-D | C] -- X:\Program Files (x86)\InstallShield Installation Information
[2012/12/12 17:01:20 | 000,000,000 | -H-D | C] -- X:\Program Files (x86)\Temp
[2012/12/12 17:01:17 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\InstallShield
[2012/12/12 17:01:02 | 000,000,000 | ---D | C] -- X:\ProgramData\NVIDIA
[2012/12/12 17:00:41 | 000,000,000 | ---D | C] -- X:\ProgramData\NVIDIA Corporation
[2012/12/12 17:00:40 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\NVIDIA Corporation
[2012/12/12 16:59:57 | 000,000,000 | ---D | C] -- X:\Program Files\NVIDIA Corporation
[2012/12/12 16:58:39 | 000,000,000 | ---D | C] -- X:\Program Files\Common Files\Intel
[2012/12/12 16:58:34 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Common Files\Intel
[2012/12/12 16:58:09 | 000,051,200 | ---- | C] (Khronos Group) -- X:\Windows\SysWow64\OpenCL.dll
[2012/12/12 16:58:08 | 000,052,736 | ---- | C] (Khronos Group) -- X:\Windows\SysNative\OpenCL.dll
[2012/12/12 16:49:01 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- X:\Windows\SysWow64\CSVer.dll
[2012/12/12 16:49:01 | 000,000,000 | ---D | C] -- X:\Program Files (x86)\Intel
[2012/12/12 16:48:21 | 000,000,000 | ---D | C] -- X:\Intel
[2012/12/12 16:45:14 | 000,000,000 | ---D | C] -- X:\Windows\SoftwareDistribution
[2012/12/12 16:43:13 | 000,000,000 | R--D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/12/12 16:43:13 | 000,000,000 | R--D | C] -- X:\Users\Levi\Searches
[2012/12/12 16:43:13 | 000,000,000 | R--D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/12/12 16:43:13 | 000,000,000 | -H-D | C] -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/12/12 16:43:04 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Identities
[2012/12/12 16:43:02 | 000,000,000 | R--D | C] -- X:\Users\Levi\Contacts
[2012/12/12 16:43:00 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\VirtualStore
[2012/12/12 16:42:51 | 000,000,000 | --SD | C] -- X:\Users\Levi\AppData\Roaming\Microsoft
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Videos
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Saved Games
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Pictures
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Music
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Links
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Favorites
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Downloads
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Documents
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\Desktop
[2012/12/12 16:42:51 | 000,000,000 | R--D | C] -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\AppData\Local\Temporary Internet Files
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Templates
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Start Menu
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\SendTo
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Recent
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\PrintHood
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\NetHood
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Documents\My Videos
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Documents\My Pictures
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Documents\My Music
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\My Documents
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Local Settings
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\AppData\Local\History
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Cookies
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\Application Data
[2012/12/12 16:42:51 | 000,000,000 | -HSD | C] -- X:\Users\Levi\AppData\Local\Application Data
[2012/12/12 16:42:51 | 000,000,000 | -H-D | C] -- X:\Users\Levi\AppData
[2012/12/12 16:42:51 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Temp
[2012/12/12 16:42:51 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Local\Microsoft
[2012/12/12 16:42:51 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\Media Center Programs
[2012/12/12 16:41:46 | 000,000,000 | -HSD | C] -- X:\Recovery
[2012/12/12 16:16:30 | 000,000,000 | -HSD | C] -- X:\System Volume Information
[1 X:\Windows\*.tmp files -> X:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/28 23:19:53 | 000,000,969 | ---- | M] () -- X:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/28 23:17:49 | 000,021,888 | -H-- | M] () -- X:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/28 23:17:49 | 000,021,888 | -H-- | M] () -- X:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/28 23:16:34 | 000,726,316 | ---- | M] () -- X:\Windows\SysNative\PerfStringBackup.INI
[2012/12/28 23:16:34 | 000,624,178 | ---- | M] () -- X:\Windows\SysNative\perfh009.dat
[2012/12/28 23:16:34 | 000,106,522 | ---- | M] () -- X:\Windows\SysNative\perfc009.dat
[2012/12/28 23:13:13 | 000,004,096 | ---- | M] () -- X:\Windows\d3dx.dat
[2012/12/28 23:10:37 | 000,000,890 | ---- | M] () -- X:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/28 23:10:14 | 000,000,894 | ---- | M] () -- X:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 23:09:55 | 000,067,584 | --S- | M] () -- X:\Windows\bootstat.dat
[2012/12/28 23:09:46 | 2066,235,391 | -HS- | M] () -- X:\hiberfil.sys
[2012/12/28 23:08:33 | 000,000,000 | ---- | M] () -- X:\Windows\SysWow64\config.nt
[2012/12/28 23:08:00 | 000,000,000 | ---- | M] () -- X:\Users\Levi\AppData\Local\{047C981D-85C5-4871-B0AE-78E3AF274FBB}
[2012/12/28 23:04:57 | 000,002,297 | ---- | M] () -- X:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/28 23:04:57 | 000,002,281 | ---- | M] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/28 23:00:00 | 000,000,830 | ---- | M] () -- X:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/28 21:31:57 | 000,003,544 | ---- | M] () -- X:\bootsqm.dat
[2012/12/28 19:04:26 | 000,000,780 | ---- | M] () -- X:\Users\Public\Desktop\GameStop App.lnk
[2012/12/27 20:26:56 | 000,002,515 | ---- | M] () -- X:\Users\Public\Desktop\Skype.lnk
[2012/12/27 00:23:10 | 000,000,575 | ---- | M] () -- X:\Users\Public\Desktop\TERA-Launcher.lnk
[2012/12/25 22:19:36 | 000,001,993 | ---- | M] () -- X:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
[2012/12/23 00:12:10 | 000,000,451 | ---- | M] () -- X:\user.js
[2012/12/22 23:50:58 | 000,001,297 | ---- | M] () -- X:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/21 03:16:33 | 000,339,784 | ---- | M] () -- X:\Windows\SysNative\FNTCACHE.DAT
[2012/12/19 22:59:24 | 000,000,219 | RH-- | M] () -- X:\Windows\ctfile.rfc
[2012/12/19 22:58:55 | 000,003,235 | ---- | M] () -- X:\Users\Levi\Desktop\CameraRecorder.lnk
[2012/12/19 22:48:51 | 000,001,169 | ---- | M] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/12/19 22:48:51 | 000,001,145 | ---- | M] () -- X:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/12/15 00:12:51 | 000,002,188 | ---- | M] () -- X:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/12/14 20:22:53 | 000,001,644 | ---- | M] () -- X:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/13 12:09:23 | 000,001,445 | ---- | M] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/13 11:44:17 | 000,072,822 | ---- | M] () -- X:\Windows\SysWow64\ieuinit.inf
[2012/12/13 11:44:15 | 000,072,822 | ---- | M] () -- X:\Windows\SysNative\ieuinit.inf
[2012/12/12 22:03:24 | 000,003,021 | ---- | M] () -- X:\Users\Levi\Desktop\Microsoft Word 2010.lnk
[2012/12/12 20:29:22 | 000,000,815 | ---- | M] () -- X:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/12/12 20:28:12 | 000,000,000 | -H-- | M] () -- X:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/12/12 20:28:12 | 000,000,000 | -H-- | M] () -- X:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/12/12 20:26:51 | 000,000,783 | ---- | M] () -- X:\Users\Public\Desktop\DS3 Tool.lnk
[2012/12/12 20:24:14 | 000,001,265 | ---- | M] () -- X:\Users\Levi\Desktop\SkyrimLauncher - Shortcut.lnk
[2012/12/12 20:15:29 | 000,000,740 | ---- | M] () -- X:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/12/12 19:51:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- X:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/12/12 19:37:14 | 000,108,227 | ---- | M] () -- X:\Windows\SysWow64\license.rtf
[2012/12/12 19:37:14 | 000,108,227 | ---- | M] () -- X:\Windows\SysNative\license.rtf
[2012/12/12 18:50:17 | 000,001,724 | ---- | M] () -- X:\Users\Public\Desktop\Play League of Legends.lnk
[2012/12/12 17:57:33 | 000,000,971 | ---- | M] () -- X:\Users\Public\Desktop\BitTorrent.lnk
[2012/12/12 17:43:13 | 000,000,632 | RHS- | M] () -- X:\Users\Levi\ntuser.pol
[2012/12/12 17:29:01 | 000,001,151 | ---- | M] () -- X:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/12 17:28:10 | 000,000,000 | -H-- | M] () -- X:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/12 17:15:44 | 000,000,000 | -H-- | M] () -- X:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012/12/12 17:12:25 | 000,018,128 | ---- | M] () -- X:\Windows\SysNative\results.xml
[2012/12/12 17:08:34 | 000,000,000 | -H-- | M] () -- X:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/12/12 17:04:06 | 000,002,272 | ---- | M] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2012/12/12 17:04:06 | 000,002,242 | ---- | M] () -- X:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2012/12/03 10:47:14 | 000,014,446 | ---- | M] () -- X:\Windows\SysNative\nvinfo.pb
[2012/12/01 00:49:26 | 003,663,213 | ---- | M] () -- X:\Windows\SysNative\nvcoproc.bin
[1 X:\Windows\*.tmp files -> X:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/28 23:19:53 | 000,000,969 | ---- | C] () -- X:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/28 23:13:13 | 000,004,096 | ---- | C] () -- X:\Windows\d3dx.dat
[2012/12/28 23:08:00 | 000,000,000 | ---- | C] () -- X:\Users\Levi\AppData\Local\{047C981D-85C5-4871-B0AE-78E3AF274FBB}
[2012/12/28 23:04:57 | 000,002,297 | ---- | C] () -- X:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/28 23:04:57 | 000,002,281 | ---- | C] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/28 23:03:16 | 000,000,894 | ---- | C] () -- X:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/28 23:03:15 | 000,000,890 | ---- | C] () -- X:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/28 23:03:05 | 000,000,000 | ---- | C] () -- X:\Windows\SysWow64\config.nt
[2012/12/28 21:31:57 | 000,003,544 | ---- | C] () -- X:\bootsqm.dat
[2012/12/28 19:04:26 | 000,000,780 | ---- | C] () -- X:\Users\Public\Desktop\GameStop App.lnk
[2012/12/27 20:26:56 | 000,002,515 | ---- | C] () -- X:\Users\Public\Desktop\Skype.lnk
[2012/12/27 00:23:10 | 000,000,575 | ---- | C] () -- X:\Users\Public\Desktop\TERA-Launcher.lnk
[2012/12/26 18:06:54 | 000,000,830 | ---- | C] () -- X:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/25 22:19:36 | 000,001,993 | ---- | C] () -- X:\Users\Public\Desktop\PCSX2 0.9.8 (r4600).lnk
[2012/12/25 17:17:20 | 000,001,309 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/12/25 17:17:17 | 000,001,378 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/12/25 17:17:11 | 000,001,462 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/12/25 17:17:08 | 000,002,490 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/12/25 17:15:19 | 000,002,123 | ---- | C] () -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/12/23 00:12:09 | 000,000,451 | ---- | C] () -- X:\user.js
[2012/12/22 23:50:58 | 000,001,297 | ---- | C] () -- X:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/19 22:59:24 | 000,057,607 | ---- | C] () -- X:\Windows\MBSpkrEQ.cfg
[2012/12/19 22:48:51 | 000,001,169 | ---- | C] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/12/19 22:48:51 | 000,001,145 | ---- | C] () -- X:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/12/15 00:12:51 | 000,002,188 | ---- | C] () -- X:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/12/14 20:22:53 | 000,001,644 | ---- | C] () -- X:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/14 20:22:52 | 000,002,441 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/13 11:51:10 | 000,000,003 | ---- | C] () -- X:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/13 11:44:17 | 000,072,822 | ---- | C] () -- X:\Windows\SysWow64\ieuinit.inf
[2012/12/13 11:44:15 | 000,072,822 | ---- | C] () -- X:\Windows\SysNative\ieuinit.inf
[2012/12/13 11:33:46 | 000,000,003 | ---- | C] () -- X:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 22:03:24 | 000,003,021 | ---- | C] () -- X:\Users\Levi\Desktop\Microsoft Word 2010.lnk
[2012/12/12 20:28:12 | 000,000,000 | -H-- | C] () -- X:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/12/12 20:28:12 | 000,000,000 | -H-- | C] () -- X:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/12/12 20:26:51 | 000,000,783 | ---- | C] () -- X:\Users\Public\Desktop\DS3 Tool.lnk
[2012/12/12 20:24:14 | 000,001,265 | ---- | C] () -- X:\Users\Levi\Desktop\SkyrimLauncher - Shortcut.lnk
[2012/12/12 20:15:29 | 000,000,740 | ---- | C] () -- X:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/12/12 19:51:56 | 000,000,815 | ---- | C] () -- X:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/12/12 19:37:01 | 000,001,326 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/12/12 19:36:58 | 000,001,345 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/12/12 19:34:29 | 2066,235,391 | -HS- | C] () -- X:\hiberfil.sys
[2012/12/12 18:50:17 | 000,001,724 | ---- | C] () -- X:\Users\Public\Desktop\Play League of Legends.lnk
[2012/12/12 17:57:33 | 000,000,971 | ---- | C] () -- X:\Users\Public\Desktop\BitTorrent.lnk
[2012/12/12 17:55:23 | 000,178,688 | ---- | C] () -- X:\Windows\SysWow64\unrar.dll
[2012/12/12 17:43:13 | 000,000,632 | RHS- | C] () -- X:\Users\Levi\ntuser.pol
[2012/12/12 17:29:01 | 000,001,163 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/12 17:29:01 | 000,001,151 | ---- | C] () -- X:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/12 17:28:46 | 000,001,445 | ---- | C] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/12 17:28:10 | 000,000,000 | -H-- | C] () -- X:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/12/12 17:24:51 | 000,002,627 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI VGA Overclock.lnk
[2012/12/12 17:23:09 | 000,006,985 | ---- | C] () -- X:\Windows\SysNative\THXCfgUninstall64.ini
[2012/12/12 17:23:09 | 000,006,772 | ---- | C] () -- X:\Windows\SysNative\THXCfg64.ini
[2012/12/12 17:23:09 | 000,001,313 | ---- | C] () -- X:\Windows\THXCfg_SP_APOIM.ini
[2012/12/12 17:23:09 | 000,001,212 | ---- | C] () -- X:\Windows\THXCfg_HP_APOIM.ini
[2012/12/12 17:23:09 | 000,001,212 | ---- | C] () -- X:\Windows\THXCfg_APOIM.ini
[2012/12/12 17:23:06 | 000,237,056 | ---- | C] () -- X:\Windows\SysNative\APOMgr64.DLL
[2012/12/12 17:23:06 | 000,182,272 | ---- | C] () -- X:\Windows\SysWow64\APOMngr.DLL
[2012/12/12 17:23:06 | 000,089,088 | ---- | C] () -- X:\Windows\SysNative\CmdRtr64.DLL
[2012/12/12 17:23:06 | 000,073,728 | ---- | C] () -- X:\Windows\SysWow64\CmdRtr.DLL
[2012/12/12 17:23:06 | 000,000,219 | RH-- | C] () -- X:\Windows\ctfile.rfc
[2012/12/12 17:22:26 | 000,003,235 | ---- | C] () -- X:\Users\Levi\Desktop\CameraRecorder.lnk
[2012/12/12 17:15:44 | 000,000,000 | -H-- | C] () -- X:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012/12/12 17:12:25 | 000,018,128 | ---- | C] () -- X:\Windows\SysNative\results.xml
[2012/12/12 17:09:25 | 000,015,128 | ---- | C] () -- X:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012/12/12 17:08:34 | 000,000,000 | -H-- | C] () -- X:\Windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/12/12 17:04:06 | 000,002,272 | ---- | C] () -- X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
[2012/12/12 17:04:06 | 000,002,242 | ---- | C] () -- X:\Users\Public\Desktop\Qualcomm Atheros Killer Network Manager.lnk
[2012/12/12 17:01:36 | 000,238,448 | ---- | C] () -- X:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/12/12 17:00:52 | 003,663,213 | ---- | C] () -- X:\Windows\SysNative\nvcoproc.bin
[2012/12/12 17:00:36 | 000,014,446 | ---- | C] () -- X:\Windows\SysNative\nvinfo.pb
[2012/12/12 16:58:09 | 000,221,099 | ---- | C] () -- X:\Windows\SysNative\Gfxres.th-TH.resources
[2012/12/12 16:58:09 | 000,191,775 | ---- | C] () -- X:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/12/12 16:58:09 | 000,148,033 | ---- | C] () -- X:\Windows\SysNative\Gfxres.it-IT.resources
[2012/12/12 16:58:09 | 000,146,675 | ---- | C] () -- X:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/12/12 16:58:09 | 000,144,338 | ---- | C] () -- X:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/12/12 16:58:09 | 000,143,155 | ---- | C] () -- X:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/12/12 16:58:09 | 000,142,664 | ---- | C] () -- X:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/12/12 16:58:09 | 000,142,335 | ---- | C] () -- X:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/12/12 16:58:09 | 000,142,189 | ---- | C] () -- X:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/12/12 16:58:09 | 000,141,644 | ---- | C] () -- X:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/12/12 16:58:09 | 000,141,435 | ---- | C] () -- X:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/12/12 16:58:09 | 000,140,923 | ---- | C] () -- X:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/12/12 16:58:09 | 000,140,122 | ---- | C] () -- X:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/12/12 16:58:09 | 000,136,451 | ---- | C] () -- X:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/12/12 16:58:09 | 000,131,317 | ---- | C] () -- X:\Windows\SysNative\Gfxres.en-US.resources
[2012/12/12 16:58:09 | 000,124,962 | ---- | C] () -- X:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/12/12 16:58:09 | 000,079,360 | ---- | C] () -- X:\Windows\SysNative\igdde64.dll
[2012/12/12 16:58:09 | 000,059,104 | ---- | C] () -- X:\Windows\SysNative\iglhxc64_dev.vp
[2012/12/12 16:58:09 | 000,058,880 | ---- | C] () -- X:\Windows\SysWow64\igdde32.dll
[2012/12/12 16:58:09 | 000,058,796 | ---- | C] () -- X:\Windows\SysNative\iglhxg64_dev.vp
[2012/12/12 16:58:09 | 000,058,109 | ---- | C] () -- X:\Windows\SysNative\iglhxo64_dev.vp
[2012/12/12 16:58:09 | 000,009,216 | ---- | C] ( ) -- X:\Windows\SysNative\IGFXDEVLib.dll
[2012/12/12 16:58:08 | 017,165,312 | ---- | C] () -- X:\Windows\SysNative\ig7icd64.dll
[2012/12/12 16:58:08 | 012,978,688 | ---- | C] () -- X:\Windows\SysWow64\ig7icd32.dll
[2012/12/12 16:58:08 | 001,981,696 | ---- | C] () -- X:\Windows\SysNative\iglhxa64.cpa
[2012/12/12 16:58:08 | 000,734,772 | ---- | C] () -- X:\Windows\SysWow64\igkrng700.bin
[2012/12/12 16:58:08 | 000,734,772 | ---- | C] () -- X:\Windows\SysNative\igkrng700.bin
[2012/12/12 16:58:08 | 000,557,476 | ---- | C] () -- X:\Windows\SysWow64\igfcg700m.bin
[2012/12/12 16:58:08 | 000,557,476 | ---- | C] () -- X:\Windows\SysNative\igfcg700m.bin
[2012/12/12 16:58:08 | 000,207,830 | ---- | C] () -- X:\Windows\SysNative\Gfxres.el-GR.resources
[2012/12/12 16:58:08 | 000,164,334 | ---- | C] () -- X:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/12/12 16:58:08 | 000,161,613 | ---- | C] () -- X:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/12/12 16:58:08 | 000,157,226 | ---- | C] () -- X:\Windows\SysNative\Gfxres.he-IL.resources
[2012/12/12 16:58:08 | 000,145,687 | ---- | C] () -- X:\Windows\SysNative\Gfxres.es-ES.resources
[2012/12/12 16:58:08 | 000,145,579 | ---- | C] () -- X:\Windows\SysNative\Gfxres.de-DE.resources
[2012/12/12 16:58:08 | 000,143,805 | ---- | C] () -- X:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/12/12 16:58:08 | 000,140,885 | ---- | C] () -- X:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/12/12 16:58:08 | 000,140,549 | ---- | C] () -- X:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/12/12 16:58:08 | 000,139,487 | ---- | C] () -- X:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/12/12 16:58:08 | 000,136,369 | ---- | C] () -- X:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/12/12 16:58:08 | 000,135,868 | ---- | C] () -- X:\Windows\SysNative\Gfxres.da-DK.resources
[2012/12/12 16:58:08 | 000,123,467 | ---- | C] () -- X:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/12/12 16:58:08 | 000,094,208 | ---- | C] () -- X:\Windows\SysNative\IccLibDll_x64.dll
[2012/12/12 16:58:08 | 000,059,425 | ---- | C] () -- X:\Windows\SysNative\iglhxo64.vp
[2012/12/12 16:58:08 | 000,059,398 | ---- | C] () -- X:\Windows\SysNative\iglhxg64.vp
[2012/12/12 16:58:08 | 000,059,230 | ---- | C] () -- X:\Windows\SysNative\iglhxc64.vp
[2012/12/12 16:58:08 | 000,018,488 | ---- | C] () -- X:\Windows\SysNative\iglhxs64.vp
[2012/12/12 16:58:08 | 000,000,264 | ---- | C] () -- X:\Windows\SysNative\GfxUI.exe.config
[2012/12/12 16:44:05 | 000,001,417 | ---- | C] () -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/12/12 16:44:00 | 000,001,451 | ---- | C] () -- X:\Users\Levi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/12/12 16:42:51 | 000,000,290 | ---- | C] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/12/12 16:42:51 | 000,000,272 | ---- | C] () -- X:\Users\Levi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- X:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = X:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = X:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = X:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/28 23:20:16 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\AVG2013
[2012/12/27 03:25:46 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\BitTorrent
[2012/12/26 17:52:17 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\DAEMON Tools Lite
[2012/12/22 22:32:03 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\fltk.org
[2012/12/12 19:05:08 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\LolClient
[2012/12/12 20:26:53 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\MotioninJoy
[2012/12/12 19:51:30 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\OpenCandy
[2012/12/28 19:04:30 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\Stardock
[2012/12/12 17:41:43 | 000,000,000 | ---D | M] -- X:\Users\Levi\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   155.21KB   28 downloads


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let me know if this stops it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\15CA8E2.vbe ()
[2012/12/12 19:51:30 | 000,000,000 | ---D | C] -- X:\Users\Levi\AppData\Roaming\OpenCandy

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#3
jhey0214

    Member

  • Topic Starter
  • 24 posts
Awesome!!! It's all gone now!

Thanks so much for your help :D

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, and thank you :thumbsup:

I see you are running both Avast and AVG. I would recommend that one of them be uninstalled. If you let me know which one, I will provide the proper tool to remove them.

Any further problems?

#5
jhey0214

    Member

  • Topic Starter
  • 24 posts
No more problems, thanks!

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





