Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Possible bot infection

 
garbanzo
Newbie


Joined: 20 Jul 2011
Last Visit: 23 Jul 2011
Posts: 6

Posted: Wed Jul 20, 2011 4:33 am    Post subject: Possible bot infection

Greetings,

I received an email from my ISP (Comcast) saying I am probably infected by a bot. I've scanned with Spybot, Malwarebytes and NOD32 but found nothing.

CurrPort shows an unknown process with TCP connections through random ports to a huge variety of IPs. There are 20-30 active at any time. If I close all connections through CurrPort, another batch immediately pops back up.

Thanks to anyone who can help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:31:19 AM, on 7/20/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Apps\No Install\Tools\Search\Everything\Everything.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
D:\Apps\No Install\Audio\Players\Billy\Billy.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Everything] "D:\Apps\No Install\Tools\Search\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Gnome-Colors Patcher Applications Reloader.lnk = C:\Windows\Gnome-Colors Patcher Applications\Reloader.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10707 bytes
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Thu Jul 21, 2011 4:12 am

Looking over your log, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Thu Jul 21, 2011 4:20 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi garbanzo

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Your HJT log shows you're running the 64 bit version of Windows 7. HJT wasn't designed to work on that OS, so we're going to have to run some additional scans to get an accurate idea of what's on your machine.

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Next

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows7, when prompted by UAC allow the prompt.

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Summary of the logs I need from you in your next post:

  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
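Why the HijackThis log above is unreliable on this machine, as an added example (not part of the original posts, and not code from HijackThis or OTL): a 32-bit program on 64-bit Windows has its System32 access redirected to SysWOW64, so 64-bit-only system files are reported as "(file missing)". The sketch parses a few lines excerpted from the log in the first post and separates those redirection artefacts from entries that are missing for other reasons; the function names and the default \Windows install directory are assumptions.

```python
import re

# Lines excerpted from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
DRIVE_RE = re.compile(r"[A-Za-z]:\\")               # start of a drive-rooted path
# Assumption: Windows is installed in the default \Windows directory.
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(log):
    """Return (code, text) pairs for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def looks_64bit(log):
    """'Program Files (x86)' and 'SysWOW64' exist only on 64-bit Windows."""
    lowered = log.lower()
    return "\\program files (x86)\\" in lowered or "\\syswow64\\" in lowered


def target_path(text):
    """Last drive-rooted path in an entry that ends with '(file missing)'.

    res:// entries keep their resource suffix (e.g. '/204').
    """
    body = text[: -len(MISSING)].rstrip()
    hits = list(DRIVE_RE.finditer(body))
    return body[hits[-1].start():] if hits else None


def classify_missing(log):
    """Return (code, path, verdict) for each '(file missing)' entry.

    'unverified-wow64': the path is under System32 on a 64-bit host, so a
    32-bit scanner was looking in SysWOW64; recheck with a 64-bit aware tool.
    'missing': the path is not subject to that redirection.
    """
    is_64 = looks_64bit(log)
    results = []
    for code, text in parse_entries(log):
        if not text.endswith(MISSING):
            continue
        path = target_path(text)
        if path and is_64 and SYSTEM32_RE.match(path):
            verdict = "unverified-wow64"
        else:
            verdict = "missing"
        results.append((code, path, verdict))
    return results


def summarize(log):
    """Count verdicts across the whole log."""
    counts = {}
    for _, _, verdict in classify_missing(log):
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    print("64-bit host:", looks_64bit(SAMPLE_LOG))
    for code, path, verdict in classify_missing(SAMPLE_LOG):
        print(f"{verdict:17} {code:4} {path}")
```

An "unverified-wow64" verdict only means the 32-bit scan cannot answer the question; the OTL log in the next post reads the same files through the SysNative alias.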
garbanzo
Newbie


Joined: 20 Jul 2011
Last Visit: 23 Jul 2011
Posts: 6

Posted: Thu Jul 21, 2011 9:08 am

OTL logfile created on: 7/21/2011 11:05:17 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = E:\Downloads
64bit- Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 66.57% Memory free
14.99 Gb Paging File | 12.43 Gb Available in Paging File | 82.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 142.66 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 225.94 Gb Free Space | 24.26% Space Free | Partition Type: NTFS
Drive E: | 638.44 Gb Total Space | 98.78 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive I: | 15.01 Gb Total Space | 8.07 Gb Free Space | 53.79% Space Free | Partition Type: FAT32
Drive T: | 1863.01 Gb Total Space | 7.16 Gb Free Space | 0.38% Space Free | Partition Type: NTFS
Drive V: | 97.66 Gb Total Space | 95.62 Gb Free Space | 97.91% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/21 06:07:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2011/07/12 18:28:52 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2011/07/12 18:28:45 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
PRC - [2011/07/08 18:15:18 | 005,265,408 | ---- | M] (Spotify Ltd) -- C:\Program Files (x86)\Spotify\spotify.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 13:18:04 | 000,440,176 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011/06/28 14:39:12 | 006,970,880 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
PRC - [2011/06/28 14:27:32 | 000,387,072 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
PRC - [2011/06/08 20:14:27 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/03/13 03:48:50 | 000,602,624 | ---- | M] () -- D:\Apps\No Install\Tools\Search\Everything\Everything.exe


========== Modules (SafeList) ==========

MOD - [2011/07/21 06:07:56 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
MOD - [2010/12/03 11:50:14 | 000,860,672 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2010/11/29 12:40:34 | 000,081,985 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbhelp.dll
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/06/07 13:10:53 | 000,057,904 | ---- | M] () -- C:\Windows\SysWOW64\wbload.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/10/28 04:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/12 18:28:52 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/01 15:39:29 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/24 15:05:00 | 000,144,688 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/12/21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/12/21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/24 11:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 11:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/24 11:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010/08/24 11:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 03:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/26 21:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/07 04:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 04:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 19:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2011/06/08 21:26:17 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/06/08 21:26:01 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys -- (AODDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 80 31 9F 44 26 CC 01 [binary data]
IE - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USER\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USER\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/06/09 05:48:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/09 05:48:05 | 000,000,000 | ---D | M]

[2011/07/08 13:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AutoKMS] C:\Windows\AutoKMS.exe ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Everything] D:\Apps\No Install\Tools\Search\Everything\Everything.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4237589393-3822583763-741006102-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-4237589393-3822583763-741006102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-4237589393-3822583763-741006102-1000 Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{48fb9a19-928b-11e0-a9a6-1c6f65d0022d}\Shell - "" = AutoRun
O33 - MountPoints2\{48fb9a19-928b-11e0-a9a6-1c6f65d0022d}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{48fb9a19-928b-11e0-a9a6-1c6f65d0022d}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{48fb9a19-928b-11e0-a9a6-1c6f65d0022d}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\OpenOffice.org
[2011/07/20 20:37:56 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/07/20 20:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011/07/20 20:01:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/20 20:01:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/20 20:01:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/20 19:58:01 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
[2011/07/20 18:17:19 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/07/20 17:57:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/20 17:44:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/20 17:42:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/20 06:25:06 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/20 06:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/20 06:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/20 06:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/20 06:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/07/20 05:56:23 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes
[2011/07/20 05:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/20 05:56:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/20 05:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/20 05:56:12 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/20 05:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/19 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011/07/18 18:28:21 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Evernote
[2011/07/18 18:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2011/07/18 18:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2011/07/17 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Binary_Inspirations
[2011/07/17 07:32:08 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\mdnslib
[2011/07/17 07:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Music 3
[2011/07/17 07:31:43 | 000,000,000 | ---D | C] -- C:\Windows\Replay Music
[2011/07/17 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Audacity
[2011/07/14 19:09:24 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Spotify
[2011/07/14 19:09:24 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Spotify
[2011/07/14 19:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotify
[2011/07/13 06:06:55 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 06:06:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 06:06:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 06:06:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 06:06:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 06:06:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 06:06:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 06:06:52 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/07/13 06:06:52 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/07/13 06:06:47 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/07/13 06:06:47 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/07/13 06:06:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/07/13 06:06:46 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/07/13 06:06:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/07/13 06:06:38 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 06:06:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 06:06:38 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 06:06:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 06:06:37 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 06:06:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 06:06:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 06:06:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 06:06:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 06:06:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 06:06:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 06:06:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/12 18:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/07/12 18:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/07/12 18:01:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/07/12 18:00:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/07/12 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/07/12 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/07/12 17:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/07/12 17:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/07/12 17:58:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/07/11 20:23:53 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\My Games
[2011/07/11 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/07/11 20:18:05 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
[2011/07/10 19:08:44 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\dBpoweramp
[2011/07/10 09:02:39 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\OneNote Notebooks
[2011/07/10 07:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
[2011/07/10 07:51:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2011/07/09 17:28:10 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011/07/09 16:56:20 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\EAC
[2011/07/09 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\AccurateRip
[2011/07/09 16:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
[2011/07/09 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exact Audio Copy
[2011/07/09 16:54:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/08 13:57:19 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Mozilla
[2011/07/08 05:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011/07/08 05:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2011/07/05 17:31:01 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/07/05 17:30:25 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Google
[2011/07/05 06:35:09 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/05 06:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/07/05 06:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gnome-Colors Patcher Applications
[2011/07/05 06:32:49 | 000,000,000 | ---D | C] -- C:\Users\USER\Anwendungsdaten
[2011/07/05 06:32:45 | 000,401,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/07/05 06:32:40 | 000,000,000 | ---D | C] -- C:\Windows\Gnome-Colors Patcher Applications
[2011/07/05 06:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/07/02 12:48:09 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/07/02 12:46:34 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/07/02 12:46:34 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/07/02 12:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/07/02 12:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2011/07/02 08:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/06/30 12:22:58 | 000,000,000 | ---D | C] -- C:\Users\USER\VirtualBox VMs
[2011/06/30 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\USER\.VirtualBox
[2011/06/30 12:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/06/30 12:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/06/30 12:09:29 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Help
[2011/06/28 20:54:15 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/28 20:54:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/28 20:54:14 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/28 20:54:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/28 20:54:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/28 20:54:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/28 20:54:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/28 20:54:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/28 20:54:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/28 20:54:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/28 20:54:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/28 20:54:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/28 20:54:11 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/28 20:54:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/28 20:54:11 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/28 20:54:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/26 05:36:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/25 20:38:07 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\AMD
[2011/06/25 20:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/06/25 20:37:08 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/06/25 20:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/06/25 20:33:04 | 000,000,000 | ---D | C] -- C:\ATI
[2011/06/25 19:45:40 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\calibre
[2011/06/24 15:05:00 | 000,144,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2011/06/24 15:04:58 | 000,320,816 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2011/06/23 20:48:47 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Help
[2011/06/23 20:48:17 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2011/06/23 20:48:17 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2011/06/23 20:48:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2011/06/23 20:48:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2011/06/23 20:48:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2011/06/23 20:48:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2011/06/23 20:30:49 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\ScummVM
[2011/06/23 20:09:55 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\VBA-M
[2011/06/23 05:48:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2011/06/22 06:04:05 | 000,000,000 | ---D | C] -- C:\VueScan

========== Files - Modified Within 30 Days ==========

[2011/07/21 10:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4237589393-3822583763-741006102-1000UA.job
[2011/07/21 06:41:40 | 012,288,054 | ---- | M] () -- C:\Users\USER\Documents\DOpus_Wallpaper.bmp
[2011/07/21 06:39:49 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe
[2011/07/20 17:57:05 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 17:57:05 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/20 17:54:08 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/20 17:54:08 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/20 17:54:08 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/20 17:50:31 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011/07/20 17:49:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/20 17:49:14 | 1742,094,335 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 17:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4237589393-3822583763-741006102-1000Core.job
[2011/07/20 06:25:06 | 000,002,971 | ---- | M] () -- C:\Users\USER\Desktop\HiJackThis.lnk
[2011/07/18 18:47:15 | 000,001,292 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/07/18 18:46:59 | 000,001,112 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2011/07/18 18:28:32 | 000,001,127 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/07/18 18:26:31 | 000,000,932 | ---- | M] () -- C:\Users\USER\Desktop\Evernote.lnk
[2011/07/17 11:42:56 | 000,003,297 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/07/17 11:42:41 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2011/07/17 11:41:36 | 000,003,002 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/07/17 11:41:32 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp
[2011/07/17 11:38:05 | 000,003,009 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/07/17 11:37:56 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2011/07/17 10:46:42 | 000,869,608 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/17 10:28:53 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/07/17 10:28:47 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2011/07/17 10:28:47 | 000,018,123 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/07/17 10:28:31 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2011/07/14 19:09:23 | 000,000,991 | ---- | M] () -- C:\Users\USER\Desktop\Spotify.lnk
[2011/07/14 05:46:13 | 004,969,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 21:15:58 | 008,294,454 | ---- | M] () -- C:\Users\USER\Documents\colos_2560x1600.bmp
[2011/07/12 18:36:52 | 000,615,936 | ---- | M] () -- C:\Windows\AutoKMS.exe
[2011/07/12 18:36:52 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2011/07/12 18:28:52 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
[2011/07/12 18:28:45 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
[2011/07/11 20:20:35 | 000,000,734 | ---- | M] () -- C:\Users\USER\Desktop\Terraria.lnk
[2011/07/10 07:12:27 | 000,772,646 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/09 17:30:16 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk
[2011/07/09 17:28:11 | 000,001,032 | ---- | M] () -- C:\Users\USER\Desktop\Exact Audio Copy.lnk
[2011/07/08 05:54:20 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Fallout.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/07/05 17:14:27 | 000,001,080 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gnome-Colors Patcher Applications Reloader.lnk
[2011/07/02 13:07:13 | 000,038,153 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/07/02 13:06:33 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/07/02 13:06:33 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/07/02 13:06:33 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/07/02 12:46:34 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/07/02 12:46:34 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/07/02 08:43:35 | 000,001,254 | ---- | M] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/30 15:00:14 | 000,000,387 | ---- | M] () -- C:\Windows\TGPS.KEY
[2011/06/30 12:11:47 | 000,000,230 | ---- | M] () -- C:\Windows\YODESK.INI
[2011/06/29 06:19:48 | 000,000,132 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/26 05:36:50 | 530,637,177 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/24 15:05:00 | 000,144,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2011/06/24 15:04:58 | 000,320,816 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2011/06/23 19:55:11 | 000,000,900 | ---- | M] () -- C:\Users\USER\games.xml
[2011/06/23 19:54:14 | 000,000,480 | ---- | M] () -- C:\Users\USER\settings.xml
[2011/06/21 14:37:34 | 000,083,968 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll

========== Files Created - No Company Name ==========

[2011/07/20 06:25:06 | 000,002,971 | ---- | C] () -- C:\Users\USER\Desktop\HiJackThis.lnk
[2011/07/18 18:47:15 | 000,001,292 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/07/18 18:46:59 | 000,001,112 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2011/07/18 18:28:32 | 000,001,127 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/07/18 18:26:31 | 000,000,932 | ---- | C] () -- C:\Users\USER\Desktop\Evernote.lnk
[2011/07/17 11:41:36 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp
[2011/07/17 11:41:36 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/07/17 11:38:05 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2011/07/17 11:38:05 | 000,003,009 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/07/17 11:37:18 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2011/07/17 11:37:18 | 000,003,297 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/07/14 19:09:23 | 000,001,021 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/07/14 19:09:23 | 000,000,991 | ---- | C] () -- C:\Users\USER\Desktop\Spotify.lnk
[2011/07/12 21:48:16 | 008,294,454 | ---- | C] () -- C:\Users\USER\Documents\colos_2560x1600.bmp
[2011/07/12 18:36:52 | 000,615,936 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2011/07/12 18:36:52 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/11 20:18:05 | 000,000,734 | ---- | C] () -- C:\Users\USER\Desktop\Terraria.lnk
[2011/07/10 07:51:17 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2011/07/10 07:51:17 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/07/10 07:51:15 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2011/07/10 07:51:15 | 000,018,123 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/07/10 07:51:14 | 000,869,608 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/07/10 07:31:54 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/07/10 07:31:54 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/07/09 17:28:11 | 000,001,032 | ---- | C] () -- C:\Users\USER\Desktop\Exact Audio Copy.lnk
[2011/07/09 16:56:14 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk
[2011/07/08 05:54:20 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Fallout.lnk
[2011/07/05 17:30:26 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4237589393-3822583763-741006102-1000UA.job
[2011/07/05 17:30:26 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4237589393-3822583763-741006102-1000Core.job
[2011/07/05 06:32:49 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gnome-Colors Patcher Applications Reloader.lnk
[2011/07/02 12:48:30 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/07/02 12:48:30 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/07/02 12:48:30 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/07/02 12:46:35 | 000,038,153 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/07/02 12:46:34 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/07/02 08:44:24 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/06/30 12:04:58 | 000,000,230 | ---- | C] () -- C:\Windows\YODESK.INI
[2011/06/26 14:45:00 | 000,772,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/26 05:36:50 | 530,637,177 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/23 19:54:13 | 000,000,480 | ---- | C] () -- C:\Users\USER\settings.xml
[2011/06/23 19:54:12 | 000,000,900 | ---- | C] () -- C:\Users\USER\games.xml
[2011/06/20 19:21:48 | 000,000,000 | ---- | C] () -- C:\Windows\topo4.INI
[2011/06/20 18:35:07 | 000,000,942 | ---- | C] () -- C:\Users\USER\AppData\Roaming\coreavc.ini
[2011/06/10 06:30:39 | 000,000,132 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/10 06:20:37 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2011/06/08 21:26:17 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/06/08 19:57:54 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2011/06/08 19:26:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/08 19:22:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/08/27 01:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/13 23:43:47 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/10/06 02:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat

========== LOP Check ==========

[2011/07/03 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\.minecraft
[2011/07/17 06:33:09 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Audacity
[2011/06/25 19:47:30 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\calibre
[2011/07/04 16:31:15 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\CD Art Display
[2011/06/11 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\cspa
[2011/06/11 17:13:42 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\cYo
[2011/07/10 19:08:44 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\dBpoweramp
[2011/07/09 16:56:21 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\EAC
[2011/06/11 16:42:45 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Ectaco
[2011/06/09 05:50:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\ESET
[2011/06/19 19:36:46 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Foxit Software
[2011/06/08 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\GPSoftware
[2011/06/11 16:50:50 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\KC Softwares
[2011/07/21 11:06:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\NetSpeedMonitor
[2011/07/20 20:47:43 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenOffice.org
[2011/07/06 06:26:28 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Opera
[2011/06/11 16:46:02 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\picpick
[2011/06/23 20:30:49 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\ScummVM
[2011/07/21 04:56:45 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Spotify
[2011/06/10 06:28:48 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/06/08 20:25:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Stardock
[2011/07/21 11:06:43 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\uTorrent
[2011/06/23 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\VBA-M
[2011/06/09 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\VistaStyleBuilder
[2011/07/20 17:50:31 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2009/07/13 23:08:02 | 000,021,814 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 240 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates

< End of report >
garbanzo

Posted: Thu Jul 21, 2011 9:09 am

OTL Extras logfile created on: 7/21/2011 11:05:17 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = E:\Downloads
64bit- Home Premium Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 4.99 Gb Available Physical Memory | 66.57% Memory free
14.99 Gb Paging File | 12.43 Gb Available in Paging File | 82.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.31 Gb Total Space | 142.66 Gb Free Space | 73.04% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 225.94 Gb Free Space | 24.26% Space Free | Partition Type: NTFS
Drive E: | 638.44 Gb Total Space | 98.78 Gb Free Space | 15.47% Space Free | Partition Type: NTFS
Drive I: | 15.01 Gb Total Space | 8.07 Gb Free Space | 53.79% Space Free | Partition Type: FAT32
Drive T: | 1863.01 Gb Total Space | 7.16 Gb Free Space | 0.38% Space Free | Partition Type: NTFS
Drive V: | 97.66 Gb Total Space | 95.62 Gb Free Space | 97.91% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1DABE61D-DE02-4404-939A-925C202B3721}" = Oracle VM VirtualBox 4.0.10
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C0D93E4E-0866-43C8-A104-BF41A803EA84}" = ESET Smart Security
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CBX Shell_is1" = CBX Shell
"ffdshow64_is1" = ffdshow x64 v1.1.3894 [2011-06-21]
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.22
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5619E613-0394-41C1-BC62-DCF82764CA87}" = SkinStudio 7
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B3FB6D4-1B88-413D-8DE7-A7E2D58DE5B2}" = TOPO! 4
"{5D4F167D-CCC8-413E-A6EE-F2FABBBBF50D}" = GPSoftware Directory Opus
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AFDF950D-3814-4F98-B66F-8C286A69F405}" = Windows Style Builder
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CD Art Display_is1" = CD Art Display 3.0.1472 Beta
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"Diablo II" = Diablo II
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Fallout_is1" = Fallout
"Fences (Free)" = Fences (Free)
"Foxit Phantom" = Foxit Phantom
"Gnome-Colors Patcher Applications" = Gnome-Colors Patcher Applications 11.06.24
"Gnome-Colors Patcher Se7en" = Gnome-Colors Patcher Se7en 11.01.04
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"Impulse®" = Impulse®
"Inno Setup 5_is1" = Inno Setup version 5.4.2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 11.50.1074" = Opera 11.50
"SkinStudio 7" = SkinStudio 7
"Spotify" = Spotify
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WindowBlinds 7" = WindowBlinds 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4237589393-3822583763-741006102-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2011 10:18:27 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Terraria.exe, version: 1.0.4.0, time stamp:
0x4e03851b Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp:
0x4ce7bafa Exception code: 0xe0434352 Fault offset: 0x0000b727 Faulting process id:
0x4c0 Faulting application start time: 0x01cc4039fb32cd1b Faulting application path:
D:\Apps\Games\Terraria2\Terraria.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 3a11f8b2-ac2d-11e0-a6f1-1c6f65d0022d

Error - 7/11/2011 10:18:41 PM | Computer Name = USER-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 7/11/2011 10:18:41 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Terraria.exe, version: 1.0.4.0, time stamp:
0x4e03851b Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp:
0x4ce7bafa Exception code: 0xe0434352 Fault offset: 0x0000b727 Faulting process id:
0xfc0 Faulting application start time: 0x01cc403a045d95a8 Faulting application path:
D:\Apps\Games\Terraria2\Terraria.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 42386ccf-ac2d-11e0-a6f1-1c6f65d0022d

Error - 7/12/2011 9:19:03 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: foobar2000.exe, version: 1.1.7.0, time
stamp: 0x4deb4963 Faulting module name: jscript9.dll, version: 9.0.8112.16430, time
stamp: 0x4db210d4 Exception code: 0xc0000005 Fault offset: 0x000bac2a Faulting process
id: 0xb7c Faulting application start time: 0x01cc40fac6dffb99 Faulting application
path: D:\Apps\No Install\Audio\Players\foobar2000 CUI\foobar2000.exe Faulting module
path: C:\Windows\SysWOW64\jscript9.dll Report Id: 1813e9bf-acee-11e0-8882-1c6f65d0022d

Error - 7/13/2011 3:45:01 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SoftwareUpdate.exe, version: 2.1.3.127,
time stamp: 0x4de6dd5a Faulting module name: SoftwareUpdate.exe, version: 2.1.3.127,
time stamp: 0x4de6dd5a Exception code: 0xc0000005 Fault offset: 0x000052e6 Faulting
process id: 0x6fc Faulting application start time: 0x01cc41955a5e0119 Faulting application
path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Faulting module
path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Report Id:
988c9eca-ad88-11e0-aabe-1c6f65d0022d

Error - 7/17/2011 3:53:49 PM | Computer Name = USER-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/18/2011 10:05:20 AM | Computer Name = USER-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/20/2011 3:45:03 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SoftwareUpdate.exe, version: 2.1.3.127,
time stamp: 0x4de6dd5a Faulting module name: SoftwareUpdate.exe, version: 2.1.3.127,
time stamp: 0x4de6dd5a Exception code: 0xc0000005 Fault offset: 0x000052e6 Faulting
process id: 0x2a0 Faulting application start time: 0x01cc4715838de2bd Faulting application
path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Faulting module
path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Report Id:
c2a5d268-b308-11e0-8087-1c6f65d0022d

Error - 7/20/2011 10:36:21 PM | Computer Name = USER-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 7/21/2011 8:05:08 AM | Computer Name = USER-PC | Source = MsiInstaller | ID = 1013
Description =

[ System Events ]
Error - 7/12/2011 12:39:08 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/12/2011 9:12:17 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/12/2011 11:51:42 PM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/14/2011 12:22:58 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/14/2011 9:15:56 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/15/2011 12:07:11 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/15/2011 8:45:56 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/16/2011 11:41:47 PM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/17/2011 9:37:07 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 7/20/2011 7:48:34 PM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =


< End of report >
garbanzo

Posted: Thu Jul 21, 2011 9:10 am

2011/07/21 11:06:11.0819 4520 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/21 11:06:13.0819 4520 ================================================================================
2011/07/21 11:06:13.0819 4520 SystemInfo:
2011/07/21 11:06:13.0819 4520
2011/07/21 11:06:13.0819 4520 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/21 11:06:13.0819 4520 Product type: Workstation
2011/07/21 11:06:13.0819 4520 ComputerName: USER-PC
2011/07/21 11:06:13.0819 4520 UserName: USER
2011/07/21 11:06:13.0819 4520 Windows directory: C:\Windows
2011/07/21 11:06:13.0819 4520 System windows directory: C:\Windows
2011/07/21 11:06:13.0819 4520 Running under WOW64
2011/07/21 11:06:13.0819 4520 Processor architecture: Intel x64
2011/07/21 11:06:13.0819 4520 Number of processors: 2
2011/07/21 11:06:13.0819 4520 Page size: 0x1000
2011/07/21 11:06:13.0819 4520 Boot type: Normal boot
2011/07/21 11:06:13.0819 4520 ================================================================================
2011/07/21 11:06:22.0780 4520 Initialize success
2011/07/21 11:06:26.0246 4464 ================================================================================
2011/07/21 11:06:26.0246 4464 Scan started
2011/07/21 11:06:26.0246 4464 Mode: Manual;
2011/07/21 11:06:26.0246 4464 ================================================================================
2011/07/21 11:06:36.0746 4464 Scan finished
2011/07/21 11:06:36.0746 4464 ================================================================================
2011/07/21 11:06:36.0756 4588 Detected object count: 0
2011/07/21 11:06:36.0756 4588 Actual detected object count: 0
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 24 Apr 2014
Posts: 9930
Location: Yorkshire

Posted: Thu Jul 21, 2011 1:30 pm

Are you using this machine for business purposes?
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
garbanzo

Posted: Thu Jul 21, 2011 1:51 pm

Occasionally. Why do you ask?
Gary R

Posted: Thu Jul 21, 2011 9:08 pm

It's not the policy of this forum to work on computers used for business purposes.

This forum was set up specifically to help home users; we do not work on business machines.

Computers used in a business environment often have policies and other modifications made to them. It is impossible for us to differentiate these from ones that have been made by an infection, so in removing what we think is an infection, we may compromise the business setup of your computer.

The scans we run often reveal information that most businesses would not want exposed in an open forum, and there are other legal constraints and ramifications involved with business machines that we are not equipped or trained to deal with.

I'm sorry but we can't help you.

I suggest you contact your IT Department, or whoever normally deals with technical issues in your company, and let them know your computer is infected. If it has been connected to a company network whilst infected, then that too may be compromised and will need to be checked.

This topic is now closed

Gary R

All times are GMT - 8 Hours