
Trojan.Banker infection; partial disinfection?



#1
herpcubed

Wonderful. I've gone and done something miraculously stupid. I'm not even sure which act of stupidity it was, but I was sick and bored over the weekend and apparently managed to get a computer virus on top of my sinus one.

I'm not really a computer newbie, but due to (well, up until now) good "hygiene" I've never really had to deal with malware removal.

I was poking around on task manager for some reason or another when I noticed a mysterious nvdisp.exe, with a suiting description of something like "PHP Bot." Suspecting something of the trout or salmon (fishy) variety, I both google it and go to the file location. Next to it is one, very brilliantly named "nvidia.txt" with a relatively large (well, for a txt) file size. Opening it up reveals a trove of everything I've visited and done with my computer in the last few days; active windows, probably had all my passwords there, etc.

So, performing what I thought at the time would probably be a good idea, I scan both files with MBAM, and they show up as one, very generic sounding Trojan.Banker. Never before has the delete key been hit; but to no avail--I get the "remove on next startup" message. That not being good enough to appease me, I remember to kill the task and delete the two files manually.

However, on googlation, I discovered that this wasn't really the "one file" kind of Trojan I found there. In fact, on running HijackThis, I found a few fishy-sounding nVidia driver-esque files of a questionable sort.

So yeah. I'm worried that sometime--next boot, whatever--it'll just remake the files and keep chugging on. Thanks in advance for helping me with this!

Oh yeah, the OTL Log:

OTL logfile created on: 4/29/2011 4:25:17 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\UNIt2N\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 18.00% Memory free
12.00 Gb Paging File | 6.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.37 Gb Total Space | 42.02 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 248.47 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 111.12 Gb Free Space | 11.93% Space Free | Partition Type: NTFS
Drive I: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 1863.01 Gb Total Space | 1223.49 Gb Free Space | 65.67% Space Free | Partition Type: NTFS

Computer Name: UNIT2N | User Name: UNIt2N | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/29 04:24:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\UNIt2N\Downloads\OTL.exe
PRC - [2011/04/26 14:51:05 | 000,071,464 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\GameOverlayUI.exe
PRC - [2011/04/26 14:51:04 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/04/16 00:04:44 | 000,103,760 | ---- | M] () -- c:\Program Files (x86)\Steam\steamapps\verifiedinsanity\team fortress 2\hl2.exe
PRC - [2011/03/26 04:35:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/11 01:00:00 | 002,270,560 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2011/01/16 00:54:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/20 19:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/12/16 22:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\UNIt2N\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/11/16 19:35:36 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/10/29 05:50:08 | 001,538,040 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe
PRC - [2010/10/29 05:49:38 | 001,098,232 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010/10/29 05:48:36 | 001,232,888 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\GUI\GDSC.exe
PRC - [2010/10/29 05:47:58 | 000,995,832 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe
PRC - [2010/10/28 19:17:10 | 000,340,984 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010/08/09 13:45:42 | 002,922,496 | ---- | M] (WhatPulse.org) -- C:\Program Files (x86)\WhatPulse\WhatPulse.exe
PRC - [2010/07/13 16:43:50 | 000,720,896 | ---- | M] (Data Robotics, Inc.) -- C:\Program Files (x86)\Drobo\Drobo Dashboard\Support\DDService.exe
PRC - [2010/07/05 08:37:08 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2010/04/12 19:31:00 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe
PRC - [2010/03/25 20:42:46 | 000,341,576 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVK.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/05 02:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010/01/22 15:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\UNIt2N\Local Settings\Apps\F.lux\flux.exe


========== Modules (SafeList) ==========

MOD - [2011/04/29 04:24:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\UNIt2N\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/10/08 01:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010/10/08 01:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010/10/08 01:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/26 14:51:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/26 04:35:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/01/16 00:54:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/14 17:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/10/29 05:49:38 | 001,098,232 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010/10/28 19:49:30 | 000,907,256 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010/10/28 19:17:10 | 000,340,984 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010/10/17 15:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/08/25 19:43:15 | 001,718,608 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2010/08/25 19:29:57 | 001,865,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2010/07/16 16:09:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/13 16:43:50 | 000,720,896 | ---- | M] (Data Robotics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Drobo\Drobo Dashboard\Support\DDService.exe -- (DDService)
SRV - [2010/07/05 08:37:08 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010/04/12 19:31:00 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/03/08 05:17:54 | 000,934,984 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010/03/05 02:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/08 01:15:04 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\WiTopia.Net\bin\openvpnserv.exe -- (OpenVPNService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/22 16:08:50 | 000,154,256 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/12/21 22:13:04 | 000,085,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2010/12/21 22:13:04 | 000,040,824 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/18 20:27:31 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/11/11 19:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/09 15:50:16 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2010/09/09 12:22:30 | 000,057,288 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2010/09/09 12:14:50 | 000,049,096 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2010/09/02 03:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 03:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/08/10 10:38:50 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 10:38:50 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/08/10 10:38:40 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:64bit: - [2010/08/07 21:52:59 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2010/08/07 21:38:04 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2010/07/05 21:29:12 | 000,106,888 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010/05/20 18:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/04/22 08:22:50 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2010/04/19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/03/17 04:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/01/27 12:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 12:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/01/22 15:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 15:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/08 06:23:00 | 000,395,776 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/20 13:08:46 | 000,047,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/08/04 11:42:00 | 000,211,328 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV:64bit: - [2009/08/04 11:40:58 | 000,285,696 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 20:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/13 20:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/08 01:15:12 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2007/12/26 02:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/02/12 13:44:34 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2010/12/18 07:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/11/12 17:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 6B 0F 76 5D CE CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.2.0.743
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.22.5
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.autoconfig_url: "http://support.perso...xyconf_iad.pac"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/07/16 16:36:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/08 00:54:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/24 16:00:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2011/03/06 03:09:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins

[2010/07/16 00:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UNIt2N\AppData\Roaming\mozilla\Extensions
[2011/04/24 03:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UNIt2N\AppData\Roaming\mozilla\Firefox\Profiles\bg1d16gv.default\extensions
[2011/01/28 13:25:43 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\UNIt2N\AppData\Roaming\mozilla\Firefox\Profiles\bg1d16gv.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/01/28 00:40:13 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\UNIt2N\AppData\Roaming\mozilla\Firefox\Profiles\bg1d16gv.default\extensions\[email protected]
[2011/04/02 02:29:37 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\UNIt2N\AppData\Roaming\mozilla\Firefox\Profiles\bg1d16gv.default\extensions\[email protected]
[2010/07/18 23:25:11 | 000,000,000 | ---D | M] (LogMeIn, Inc. Rescue Technician Console) -- C:\Users\UNIt2N\AppData\Roaming\mozilla\Firefox\Profiles\bg1d16gv.default\extensions\[email protected]
[2011/04/16 20:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/16 20:20:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/16 00:41:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/16 16:36:21 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\{340C2BBC-CE74-4362-90B5-7C26312808EF}.XPI
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}.XPI
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\UNIT2N\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BG1D16GV.DEFAULT\EXTENSIONS\[email protected]
[2011/04/08 00:53:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/03/27 21:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2010/07/16 00:41:04 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/16 17:17:25 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\UNIt2N\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Users\UNIt2N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\UNIt2N\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\UNIt2N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = False
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01eefa18-d316-11df-b9b9-001fbc01f51e}\Shell - "" = AutoRun
O33 - MountPoints2\{01eefa18-d316-11df-b9b9-001fbc01f51e}\Shell\AutoRun\command - "" = K:\MI.exe
O33 - MountPoints2\{921961ac-20e9-11e0-b4c8-001fbc01f51e}\Shell - "" = AutoRun
O33 - MountPoints2\{921961ac-20e9-11e0-b4c8-001fbc01f51e}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{921961bb-20e9-11e0-b4c8-001fbc01f51e}\Shell - "" = AutoRun
O33 - MountPoints2\{921961bb-20e9-11e0-b4c8-001fbc01f51e}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{e900737b-ea94-11df-b50a-001fbc01f51e}\Shell - "" = AutoRun
O33 - MountPoints2\{e900737b-ea94-11df-b50a-001fbc01f51e}\Shell\AutoRun\command - "" = M:\WIN\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/29 03:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/29 03:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/29 03:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/04/29 02:56:33 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\f-secure
[2011/04/29 02:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/04/26 20:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2011/04/26 20:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ace of Spades
[2011/04/26 16:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/26 16:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/26 16:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/26 16:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/26 16:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/26 16:54:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/24 13:29:49 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2011/04/20 18:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/04/20 18:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/18 14:51:11 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/04/18 14:51:10 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/04/16 20:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/04/15 16:08:30 | 000,000,000 | ---D | C] -- E:\Jonathan\Documents\My Cheat Tables
[2011/04/15 16:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.0
[2011/04/15 16:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6
[2011/04/13 16:34:39 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Audacity
[2011/04/13 16:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011/04/09 18:48:28 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/04/09 18:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/04/09 18:29:24 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\11-99 Enhancement Mod v1.3
[2011/04/09 18:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011/04/09 02:39:50 | 000,000,000 | ---D | C] -- E:\Jonathan\Documents\AutoHotkey
[2011/04/09 02:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/04/09 02:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/04/08 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Local\AaaaaRecklessDisregard
[2011/04/08 00:27:08 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Local\The Wonderful End of the World
[2011/04/08 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Local\Bit.Trip Beat
[2011/04/08 00:18:44 | 000,000,000 | ---D | C] -- E:\Jonathan\Documents\Amnesia
[2011/04/08 00:14:05 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Local\123KickIt
[2011/04/08 00:08:05 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Local\Two Tribes
[2011/04/08 00:04:13 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Lazy 8 Studios
[2011/04/08 00:03:28 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Local\Lazy 8 Studios
[2011/04/07 21:55:05 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CueCard
[2011/04/07 21:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CueCard
[2011/04/07 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CueCard
[2011/04/04 00:22:33 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\WhatPulse
[2011/04/04 00:22:32 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatPulse
[2011/04/04 00:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhatPulse
[2011/04/04 00:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhatPulse
[2011/03/31 03:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2011/03/31 03:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/03/30 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\VirtualBox VMs
[2011/03/30 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\Mumble
[2011/03/30 20:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/03/30 20:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2011/03/30 19:15:28 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\gtk-2.0
[2011/03/30 19:13:45 | 000,000,000 | ---D | C] -- C:\Users\UNIt2N\AppData\Roaming\deluge
[2011/03/30 19:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTK2 Runtime
[2011/03/30 19:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK2-Runtime
[2011/03/30 19:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
[2011/03/30 11:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/29 03:01:45 | 000,001,242 | ---- | M] () -- C:\Users\UNIt2N\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/29 03:01:45 | 000,001,218 | ---- | M] () -- C:\Users\UNIt2N\Desktop\Spybot - Search & Destroy.lnk
[2011/04/28 08:00:10 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 08:00:10 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 06:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/28 00:33:25 | 000,000,132 | ---- | M] () -- C:\Users\UNIt2N\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/27 15:16:21 | 000,795,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/27 15:16:21 | 000,672,416 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/27 15:16:21 | 000,125,088 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/27 15:10:24 | 004,980,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/27 15:09:49 | 529,899,519 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 00:09:35 | 000,003,556 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/26 20:10:20 | 000,000,143 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011/04/26 18:55:54 | 000,001,101 | ---- | M] () -- C:\Users\UNIt2N\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/04/26 18:55:54 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/26 16:55:37 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/26 15:46:19 | 000,000,600 | ---- | M] () -- C:\Users\UNIt2N\AppData\Local\PUTTY.RND
[2011/04/24 18:17:30 | 000,000,129 | ---- | M] () -- C:\Users\UNIt2N\jagex_runescape_preferences2.dat
[2011/04/24 18:16:30 | 000,000,034 | ---- | M] () -- C:\Users\UNIt2N\jagex_runescape_preferences.dat
[2011/04/24 16:00:16 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/24 13:25:59 | 000,020,480 | ---- | M] () -- C:\Users\UNIt2N\yello.exe
[2011/04/24 13:25:58 | 000,000,004 | ---- | M] () -- C:\Users\UNIt2N\._rss
[2011/04/24 00:17:36 | 000,002,714 | ---- | M] () -- E:\Jonathan\Documents\AutoHotkey.ahk
[2011/04/22 22:19:44 | 000,002,364 | ---- | M] () -- C:\Users\UNIt2N\Desktop\Google Chrome.lnk
[2011/04/18 12:08:10 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/04/18 11:40:54 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/04/18 11:26:46 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/15 16:08:25 | 000,001,029 | ---- | M] () -- C:\Users\UNIt2N\Desktop\Cheat Engine.lnk
[2011/04/13 16:34:26 | 000,001,104 | ---- | M] () -- C:\Users\UNIt2N\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/04/09 02:49:46 | 000,001,371 | ---- | M] () -- E:\Jonathan\Documents\AutoHotkey.ahk.bak
[2011/04/08 00:54:01 | 000,002,048 | ---- | M] () -- C:\Users\UNIt2N\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/08 00:25:29 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/04/08 00:25:29 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/04/04 00:22:32 | 000,000,979 | ---- | M] () -- C:\Users\UNIt2N\Desktop\WhatPulse.lnk
[2011/04/03 03:22:18 | 000,002,119 | ---- | M] () -- C:\Users\UNIt2N\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2011/03/31 03:36:55 | 000,001,736 | ---- | M] () -- C:\Users\UNIt2N\Desktop\PeerBlock.lnk
[2011/03/30 21:00:15 | 000,002,377 | ---- | M] () -- E:\Jonathan\Documents\MumbleAutomaticCertificateBackup.p12
[2011/03/30 20:44:30 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/03/30 19:11:30 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\Deluge.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/29 03:01:45 | 000,001,242 | ---- | C] () -- C:\Users\UNIt2N\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/29 03:01:45 | 000,001,218 | ---- | C] () -- C:\Users\UNIt2N\Desktop\Spybot - Search & Destroy.lnk
[2011/04/26 20:10:20 | 000,000,143 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011/04/26 16:55:37 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 16:00:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/24 16:00:16 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/04/24 13:30:31 | 000,000,129 | ---- | C] () -- C:\Users\UNIt2N\jagex_runescape_preferences2.dat
[2011/04/24 13:29:53 | 000,000,034 | ---- | C] () -- C:\Users\UNIt2N\jagex_runescape_preferences.dat
[2011/04/24 13:22:30 | 000,020,480 | ---- | C] () -- C:\Users\UNIt2N\yello.exe
[2011/04/24 13:22:17 | 000,000,004 | ---- | C] () -- C:\Users\UNIt2N\._rss
[2011/04/13 16:34:26 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/04/13 16:34:26 | 000,001,104 | ---- | C] () -- C:\Users\UNIt2N\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2011/04/04 00:22:32 | 000,000,979 | ---- | C] () -- C:\Users\UNIt2N\Desktop\WhatPulse.lnk
[2011/03/31 03:36:55 | 000,001,736 | ---- | C] () -- C:\Users\UNIt2N\Desktop\PeerBlock.lnk
[2011/03/30 21:00:15 | 000,002,377 | ---- | C] () -- E:\Jonathan\Documents\MumbleAutomaticCertificateBackup.p12
[2011/03/30 20:44:30 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/03/30 19:11:30 | 000,000,886 | ---- | C] () -- C:\Users\Public\Desktop\Deluge.lnk
[2011/03/16 23:17:41 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/12 02:41:31 | 000,000,080 | ---- | C] () -- C:\Users\UNIt2N\AppData\Local\X-Plane Installer.prf
[2011/02/24 17:27:20 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/02/24 17:27:10 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/02/24 17:27:00 | 000,003,289 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Musepack Codec.dat
[2011/02/24 17:26:48 | 000,003,417 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Shorten Codec.dat
[2011/02/24 17:26:31 | 000,002,655 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Midi Decoder.dat
[2011/02/24 17:26:15 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/02/24 17:25:54 | 000,011,412 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011/02/23 23:51:11 | 003,835,624 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/02/23 23:51:11 | 000,018,038 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/19 15:37:51 | 000,000,173 | ---- | C] () -- C:\Users\UNIt2N\AppData\Local\msmathematics.qat.UNIt2N
[2011/01/09 01:45:06 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe
[2010/12/12 21:07:35 | 000,001,456 | ---- | C] () -- C:\Users\UNIt2N\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/26 17:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2010/11/21 00:09:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Documentation
[2010/11/21 00:09:26 | 000,000,268 | RH-- | C] () -- C:\Users\UNIt2N\AppData\Roaming\Digital Mono
[2010/11/21 00:01:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo
[2010/11/21 00:01:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2010/11/21 00:01:53 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Drums
[2010/11/21 00:01:53 | 000,000,268 | RH-- | C] () -- C:\Users\UNIt2N\AppData\Roaming\Documents
[2010/11/21 00:01:53 | 000,000,268 | RH-- | C] () -- C:\Users\UNIt2N\AppData\Roaming\Documentation
[2010/11/21 00:01:53 | 000,000,268 | RH-- | C] () -- C:\Users\UNIt2N\AppData\Roaming\Distortion
[2010/11/21 00:01:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/11/21 00:01:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/11/21 00:01:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/20 23:57:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010/11/01 12:57:39 | 000,000,015 | ---- | C] () -- C:\Windows\SysWow64\settings.dat
[2010/10/29 01:13:35 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/10/15 17:44:13 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/03 20:04:58 | 000,000,600 | ---- | C] () -- C:\Users\UNIt2N\AppData\Local\PUTTY.RND
[2010/09/26 16:51:27 | 000,003,556 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/26 16:51:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3B22FDCBC1.sys
[2010/09/26 15:59:07 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/26 15:59:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/26 15:59:06 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/26 15:59:06 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/26 15:59:06 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/17 18:25:23 | 000,000,132 | ---- | C] () -- C:\Users\UNIt2N\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/09/04 17:45:21 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/05 05:45:00 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010/08/02 18:13:39 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2010/07/23 18:57:14 | 001,380,352 | ---- | C] () -- C:\Windows\SysWow64\mpich2shmp.dll
[2010/07/23 18:57:14 | 001,196,032 | ---- | C] () -- C:\Windows\SysWow64\mpich2.dll
[2010/07/23 18:57:14 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\mpich2shm.dll
[2010/07/23 18:57:14 | 001,158,144 | ---- | C] () -- C:\Windows\SysWow64\mpiexec.exe
[2010/07/23 18:57:14 | 001,135,616 | ---- | C] () -- C:\Windows\SysWow64\smpd.exe
[2010/07/23 18:57:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\foo.exe
[2010/07/23 18:57:14 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\mpich2mpi.dll
[2010/07/23 18:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2010/07/23 18:57:12 | 000,423,424 | ---- | C] () -- C:\Windows\SysWow64\[email protected]
[2010/07/22 02:03:08 | 000,782,604 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/20 23:48:56 | 000,270,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/07/20 23:48:55 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/07/20 23:48:52 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/07/20 00:46:17 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/07/18 02:43:03 | 000,000,132 | ---- | C] () -- C:\Users\UNIt2N\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/18 01:59:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/16 17:22:27 | 000,007,650 | ---- | C] () -- C:\Users\UNIt2N\AppData\Local\Resmon.ResmonCfg
[2010/07/16 01:42:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/16 00:44:58 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/05 08:37:06 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/12/18 04:26:54 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\.minecraft
[2011/02/26 19:44:38 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\.minecraft_xray
[2010/12/05 22:08:15 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Amazon
[2011/04/14 00:55:59 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Audacity
[2010/10/17 10:47:07 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Bioshock2
[2011/02/14 15:36:40 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Bitcoin
[2010/07/16 00:45:01 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Canneverbe Limited
[2010/09/09 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/24 20:55:10 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\ClearCloud
[2010/12/05 00:22:42 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\com.adobe.ExMan
[2011/02/26 23:58:19 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\dBpoweramp
[2011/04/26 15:43:33 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\deluge
[2011/02/02 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\DisplayFusion
[2011/04/29 04:40:34 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Dropbox
[2010/12/17 17:42:38 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\EAC
[2011/04/29 02:56:33 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\f-secure
[2010/11/07 15:10:24 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\FastSum
[2011/04/27 01:00:42 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\FileZilla
[2010/09/26 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Folding@home-gpu
[2010/09/22 20:19:25 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\gambatte
[2011/01/17 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\GrabIt
[2011/03/30 19:15:28 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\gtk-2.0
[2011/01/02 16:12:14 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\HFM
[2011/04/23 01:07:19 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\HLSW
[2010/12/03 18:00:27 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\JPEGsnoop
[2011/04/08 00:04:13 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Lazy 8 Studios
[2010/12/18 02:28:43 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Mp3tag
[2011/04/28 23:23:17 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Mumble
[2010/11/21 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Nikon
[2011/01/02 00:45:02 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Notepad++
[2010/08/02 14:49:11 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\PACE Anti-Piracy
[2010/07/16 01:59:58 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\PrimoPDF
[2010/12/09 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\ProtectDISC
[2010/10/29 18:26:04 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Quest3D
[2010/09/22 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/10/29 18:26:04 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Roaming
[2010/11/08 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Sierra Wireless
[2010/08/12 21:31:33 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Spotify
[2010/08/02 14:52:27 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/24 02:45:40 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Subversion
[2011/03/06 04:44:47 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\TeraCopy
[2011/02/23 23:32:41 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\tidysongs16
[2010/11/17 00:56:29 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\TightVNC
[2010/08/03 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Totusoft
[2010/07/16 16:27:13 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\Trillian
[2011/01/17 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\unPoster
[2011/04/26 16:50:17 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\WhatPulse
[2011/01/09 21:26:36 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\WinFF
[2011/04/16 21:45:56 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\WinPatrol
[2011/04/29 03:09:00 | 000,000,000 | ---D | M] -- C:\Users\UNIt2N\AppData\Roaming\X-Chat 2
[2011/03/31 16:51:19 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/08/07 22:22:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G??{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 22:22:07 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G??{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 22:22:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G??{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 22:22:07 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G??{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938216-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 22:22:07 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\?G??) -- C:\Windows\SysWow64\坝G⭚
[2010/08/07 22:22:07 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G??{c9938216-a28d-11df-ac26-001fbc01f51f}.TM.blf) -- C:\Windows\SysWow64\坝G⭚{c9938216-a28d-11df-ac26-001fbc01f51f}.TM.blf
[2010/08/07 22:22:07 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\?G??{c9938212-a28d-11df-ac26-001fbc01f51f}.TM.blf) -- C:\Windows\SysWow64\坝G⭚{c9938212-a28d-11df-ac26-001fbc01f51f}.TM.blf
[2010/08/07 22:22:07 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G??{c9938216-a28d-11df-ac26-001fbc01f51f}.TM.blf) -- C:\Windows\SysWow64\坝G⭚{c9938216-a28d-11df-ac26-001fbc01f51f}.TM.blf
[2010/08/07 22:22:07 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\?G??.LOG1) -- C:\Windows\SysWow64\坝G⭚.LOG1
[2010/08/07 22:22:06 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G??{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 22:22:06 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\?G??{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 22:22:06 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G??{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000002.regtrans-ms
[2010/08/07 22:22:06 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\?G??{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\坝G⭚{c9938212-a28d-11df-ac26-001fbc01f51f}.TMContainer00000000000000000001.regtrans-ms
[2010/08/07 22:22:06 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\?G??) -- C:\Windows\SysWow64\坝G⭚
[2010/08/07 22:22:06 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\?G??{c9938212-a28d-11df-ac26-001fbc01f51f}.TM.blf) -- C:\Windows\SysWow64\坝G⭚{c9938212-a28d-11df-ac26-001fbc01f51f}.TM.blf
[2010/08/07 22:22:06 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\?G??.LOG1) -- C:\Windows\SysWow64\坝G⭚.LOG1
[2010/08/07 22:22:06 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\?G??.LOG2) -- C:\Windows\SysWow64\坝G⭚.LOG2
[2010/08/07 22:22:06 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\?G??.LOG2) -- C:\Windows\SysWow64\坝G⭚.LOG2

========== Alternate Data Streams ==========

@Alternate Data Stream - 1111 bytes -> C:\Users\UNIt2N\AppData\Local\Temp:QBYAjS9IDslj16Wad1

< End of report >