Solved Blue Screen of Death after Defeating Virus

Discussion in 'Malware and Virus Removal Archive' started by JustinCase, 2010/06/04.

  1. 2010/06/04
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    [Resolved] Blue Screen of Death after Defeating Virus

    Hope this is the right forum to put this.

    I had a very nasty virus/flu last week, which Broni helped me defeat. Thank you very much.

    Since then my machine has been acting sluggish sometimes and the Blue Screen of Death has popped up twice. I tried to do a restore from the restore set up when we finished but Windows says it cannot do a restore because it cannot find one file.

    It recommends closing the antivirus program and running again, which I did. I get the same results.

    Installed one program and uninstalled it, and Windows has done two updates since then. Both after the uninstall, so if it is the guilty guy their restore before their install will not even fix that condition.

    Funny though, after trying to do the restore, when things are not running right and cannot access the internet, when the computer restarts after the failed restore, everything operates well, for a time. But to just do a restart does not seem to fix anything.

    No idea if it is just coincidence of the restore restart or no.

    What say ye?
     
  2. 2010/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download BlueScreenView (in Zip file)
    No installation required.
    Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
    When scanning is done, go Edit>Select All.
    Go File>Save Selected Items, and save the report as BSOD.txt.
    Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

    ===================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2010/06/04
    JustinCase

    Every time I try to access this I get this in response

    The connection was reset

    The connection to the server was reset while the page was loading.


    * The site could be temporarily unavailable or too busy. Try again in a few
    moments.

    * If you are unable to load any pages, check your computer's network
    connection.

    * If your computer or network is protected by a firewall or proxy, make sure
    that Firefox is permitted to access the Web.
     
  5. 2010/06/04
    broni

    To access what exactly? :)
     
  6. 2010/06/04
    JustinCase

    Download BlueScreenView (in Zip file)
     
  7. 2010/06/04
    broni

    File attached
     


  8. 2010/06/04
    JustinCase

    Ok, if BlueScreenView is to run on its own it says there are no crashes.
     
  9. 2010/06/04
    broni

    What do you mean by "on its own"?
    Did you double click on BlueScreenView.exe?
    If you did and nothing showed up...
    Make sure your settings are correct.

    1. Click Start, point to Settings, and then click Control Panel (Start>Control Panel in Vista).
    2. Double-click System.
    3. Click (Advanced system settings link in Vista, then --->) the Advanced tab, and then click Settings under Startup and Recovery.
    4. Make sure there is a checkmark in Write an event to the system log.
    5. In the Write debugging information list, click Small memory dump (64k) (128K in Windows 7).

    Proceed with OTL...
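
The Startup and Recovery options in steps 4 and 5 of the post above are stored under the CrashControl registry key. The following is an added example, not part of the post or of any tool named in the thread: a read-only PowerShell audit that reports those settings and compares logged bugcheck events against the minidump files on disk, which helps explain a "no crashes" result from a dump viewer after real blue screens. It assumes Windows PowerShell 3.0 or later in an elevated prompt.

```powershell
# Added example: read-only audit of the Startup and Recovery crash settings.
# Nothing is modified. Assumes Windows PowerShell 3.0+ and an elevated prompt.

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# Meaning of the CrashDumpEnabled DWORD ("Write debugging information" list).
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}
$dumpType = $dumpTypes[[int]$cc.CrashDumpEnabled]
if (-not $dumpType) { $dumpType = "Unknown ($($cc.CrashDumpEnabled))" }

# MinidumpDir is the folder small dumps are written to; fall back to the
# Windows default location if the value is not set.
$dumpDir = if ($cc.MinidumpDir) {
    [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)
} else {
    Join-Path $env:SystemRoot 'Minidump'
}

# Minidump files currently on disk, newest first.
$dumps = @()
if (Test-Path -LiteralPath $dumpDir) {
    $dumps = @(Get-ChildItem -LiteralPath $dumpDir -Filter '*.dmp' -ErrorAction SilentlyContinue |
               Sort-Object LastWriteTime -Descending)
}

# Bugcheck records produced by "Write an event to the system log".
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
} -ErrorAction SilentlyContinue)

[pscustomobject]@{
    DumpType          = $dumpType
    SmallDumpSelected = ($cc.CrashDumpEnabled -eq 3)   # step 5
    LogEventEnabled   = ($cc.LogEvent -eq 1)           # step 4
    MinidumpDir       = $dumpDir
    MinidumpFiles     = $dumps.Count
    BugcheckEvents    = $events.Count
} | Format-List

if ($events.Count -gt 0 -and $dumps.Count -eq 0) {
    # Crashes happened, but there is nothing for a dump viewer to read.
    'Bugchecks are logged but no minidumps exist: dumps were not written or were deleted.'
    $events | Select-Object -First 5 TimeCreated, Message | Format-List
} elseif ($dumps.Count -gt 0) {
    $dumps | Select-Object -First 5 Name, LastWriteTime, Length | Format-Table -AutoSize
}
```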
     
  10. 2010/06/04
    JustinCase

    OTL logfile created on: 6/4/2010 10:21:45 AM - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Gary\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.19 Gb Total Space | 236.07 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
    Drive D: | 10.80 Gb Total Space | 1.55 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 232.88 Gb Total Space | 109.02 Gb Free Space | 46.81% Space Free | Partition Type: NTFS

    Computer Name: GARY-PC
    Current User Name: Gary
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/04 10:01:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    PRC - [2010/05/29 10:21:44 | 011,957,424 | ---- | M] (Mozilla Messaging) -- L:\ThunderbirdPortable\App\thunderbird\thunderbird.exe
    PRC - [2010/05/27 18:47:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    PRC - [2010/05/27 18:47:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
    PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/05/07 10:26:36 | 000,616,960 | ---- | M] () -- C:\Program Files (x86)\OnlyWire\OnlyWireWindows.exe
    PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/04/27 15:33:15 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/02/26 16:46:32 | 012,526,424 | ---- | M] (magicJack L.P.) -- C:\Users\Gary\AppData\Roaming\mjusbsp\magicJack.exe
    PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/07/13 18:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2009/06/03 13:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2007/11/27 15:06:26 | 000,137,000 | ---- | M] (PortableApps.com) -- L:\ThunderbirdPortable\ThunderbirdPortable.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/04 10:01:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    MOD - [2010/05/26 06:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
    MOD - [2009/12/28 23:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
    MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
    MOD - [2009/06/10 14:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/06/10 14:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/26 06:35:34 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2010/05/10 03:00:33 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV:64bit: - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/09/27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
    SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/05/26 06:35:12 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2010/05/06 13:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2010/05/06 13:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2010/05/06 13:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2010/05/06 13:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/05/06 13:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
    DRV:64bit: - [2009/08/13 04:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/30 10:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
    DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
    DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
    DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
    DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
    DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
    DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
    DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
    DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
    DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
    DRV:64bit: - [2009/07/13 17:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
    DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
    DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
    DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
    DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
    DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
    DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
    DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
    DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
    DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
    DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/30 15:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
    DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
    DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.68.2
    FF - prefs.js..extensions.enabledItems: capturefoxmovie@advancity.net:0.7.0
    FF - prefs.js..extensions.enabledItems: clickbank@geminussoft.com:1.32
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
    FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.2
    FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
    FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.17
    FF - prefs.js..extensions.enabledItems: spellbound@sourceforge.net:4.0.0
    FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9
    FF - prefs.js..extensions.enabledItems: urllister@binnyva.com:1.3
    FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.23
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.12
    FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
    FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
    FF - prefs.js..extensions.enabledItems: {9BAE5926-8513-417d-8E47-774955A7C60D}:1.1.1d
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
    FF - prefs.js..extensions.enabledItems: {B7D3E479-CC68-42B5-A338-938ECE35F419}:0.9.0.0
    FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995
    FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdaphffext\
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/02 20:23:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/29 10:05:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: L:\ThunderbirdPortable\App\thunderbird\components [2010/05/29 10:21:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: L:\ThunderbirdPortable\App\thunderbird\plugins [2009/09/10 21:34:54 | 000,000,000 | ---D | M]

    [2010/05/29 10:21:51 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions
    [2010/05/29 10:21:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/03 18:50:33 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions
    [2010/05/29 10:15:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2010/06/04 05:30:35 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/05/29 10:19:03 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2010/05/29 10:15:10 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    [2010/05/29 10:15:09 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    [2010/05/31 18:49:44 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/05/29 10:15:01 | 000,000,000 | ---D | M] (affilorama) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{7822cf50-08ee-4915-9872-ee92472df6cb}
    [2010/05/29 10:15:10 | 000,000,000 | ---D | M] (FireFTP button) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
    [2010/05/29 14:25:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/06/04 05:30:35 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/05/29 10:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}
    [2010/05/29 10:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
    [2010/05/29 10:15:03 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
    [2010/05/29 02:23:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/05/29 02:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/05/29 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\capturefoxmovie@advancity.net
    [2010/05/29 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\clickbank@geminussoft.com
    [2010/05/29 10:15:06 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\foxyproxy@eric.h.jung
    [2010/05/29 10:15:06 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\rankchecker@seobook.com
    [2010/05/29 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\seo4firefox@seobook.com
    [2010/05/29 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\seotoolbar@seobook.com
    [2010/05/29 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\spellbound@sourceforge.net
    [2010/06/03 18:50:24 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\staged-xpis
    [2010/05/29 10:07:04 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\support@lastpass.com
    [2010/05/29 10:15:07 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\toolbar@alexa.com
    [2010/05/29 10:15:09 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\toolbar@ask.com
    [2010/05/29 10:15:09 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\extensions\urllister@binnyva.com
    [2010/05/10 07:37:31 | 000,001,657 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2jp1mb9m.default\searchplugins\how-i-rank.xml
    [2010/05/29 10:05:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/09/13 22:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll

    O1 HOSTS File: ([2010/05/31 18:51:41 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [cdloader] C:\Users\Gary\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.7.169.1 66.116.104.21
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\F\Shell\AutoRun\command - " " = F:\autorun.exe -- File not found
    O33 - MountPoints2\F\Shell\phone\command - " " = F:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========
     
  11. 2010/06/04
    JustinCase

    [2010/06/04 10:16:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\2789d1275671614-active-blue-screen-death-after-defeating-virus-bluescreenview
    [2010/06/04 10:01:39 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    [2010/06/04 06:43:59 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Tubo Cash
    [2010/06/03 20:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CommentKahuna
    [2010/06/03 18:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XHeader
    [2010/06/03 18:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thraex Software
    [2010/06/03 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\EditPlus 3
    [2010/06/03 18:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EditPlus 3
    [2010/06/01 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Acne No More
    [2010/05/30 16:01:31 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/05/30 16:01:31 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/05/30 16:01:30 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/05/30 16:01:29 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/05/30 16:01:24 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/05/30 16:01:10 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/05/30 16:01:10 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
    [2010/05/30 16:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/05/30 16:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/05/29 17:44:00 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
    [2010/05/29 17:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
    [2010/05/29 14:37:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\BitDefender
    [2010/05/29 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\xheader-data
    [2010/05/29 11:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free-Buttons.org
    [2010/05/29 10:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/05/29 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Firefox backup files
    [2010/05/28 17:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Katie
    [2010/05/28 08:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreFTP
    [2010/05/28 08:48:02 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\ForceField Shared Files
    [2010/05/28 08:48:02 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\CheckPoint
    [2010/05/28 08:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2010/05/28 08:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm
    [2010/05/28 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
    [2010/05/28 08:46:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
    [2010/05/28 08:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
    [2010/05/28 08:42:56 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
    [2010/05/28 08:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2010/05/27 18:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/05/27 18:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2010/05/27 10:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
    [2010/05/27 10:27:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\The Shield Deluxe
    [2010/05/27 10:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\The Shield Deluxe
    [2010/05/27 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\The Shield Deluxe
    [2010/05/27 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\The Shield Deluxe
    [2010/05/27 10:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender
    [2010/05/27 08:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
    [2010/05/27 08:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
    [2010/05/26 18:45:23 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
    [2010/05/26 18:42:09 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\ElevatedDiagnostics
    [2010/05/26 17:28:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\System Restore
    [2010/05/25 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\pingotech
    [2010/05/25 12:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrafficMystic.com
    [2010/05/25 12:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\stephenhawkins
    [2010/05/25 11:25:09 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\SEO
    [2010/05/25 09:56:27 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Site Tools - Ideas
    [2010/05/25 09:41:33 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\SoulMate Kit
    [2010/05/23 17:35:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Computer Pics
    [2010/05/23 09:41:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Informec
    [2010/05/23 08:12:20 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Selecting Niches
    [2010/05/22 13:06:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
    [2010/05/22 13:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Authority Loophole
    [2010/05/22 11:04:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Affilorama
    [2010/05/22 11:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Traffic Travis v3
    [2010/05/22 00:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alexandr Krulik
    [2010/05/20 16:31:39 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Magic Article Submitter ETC
    [2010/05/19 08:16:35 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Registry Backup
    [2010/05/19 08:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
    [2010/05/19 08:11:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
    [2010/05/19 08:11:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/05/19 08:11:03 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/05/19 08:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/05/19 08:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/05/19 08:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/05/19 08:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/05/16 01:32:02 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Downloads
    [2010/05/16 00:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2010/05/15 21:59:05 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\DivX
    [2010/05/15 21:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2010/05/15 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/05/15 21:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/05/15 21:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/05/15 21:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/05/15 18:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Magic Submitter
    [2010/05/13 19:40:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\DanielRankMover
    [2010/05/13 19:02:11 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Lindas Site
    [2010/05/13 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\NetSpell
    [2010/05/13 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Incansoft
    [2010/05/12 13:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlyWire
    [2010/05/12 12:08:08 | 000,991,232 | ---- | C] (Viscom Software ) -- C:\Windows\SysWow64\imageviewer2.ocx
    [2010/05/12 12:08:08 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\threed32.ocx
    [2010/05/12 12:08:08 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\Windows\SysWow64\ccrpfd6.ocx
    [2010/05/12 12:08:08 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\Windows\SysWow64\ccrpbds6.dll
    [2010/05/12 12:08:08 | 000,106,496 | ---- | C] (Marco Bellinaso) -- C:\Windows\SysWow64\mbprgbar.ocx
    [2010/05/12 12:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXresizer
    [2010/05/12 12:02:09 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Andew
    [2010/05/11 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Prefetch
    [2010/05/11 08:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Koe
    [2010/05/11 07:25:08 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Article Submission Helper
    [2010/05/11 07:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASHelper
    [2010/05/10 11:34:21 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\WinRAR
    [2010/05/10 11:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2010/05/10 03:00:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/05/10 03:00:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/05/09 11:00:08 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Diagnostics
    [2010/05/08 14:07:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2010/05/08 11:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LastPass
    [2010/05/07 23:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Convert Document To Image
    [2010/05/07 23:32:04 | 001,101,824 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151dox.dll
    [2010/05/07 23:32:04 | 000,790,528 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151doc.dll
    [2010/05/07 23:32:04 | 000,655,360 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151pdf.dll
    [2010/05/07 23:32:04 | 000,651,264 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151htm.dll
    [2010/05/07 23:32:04 | 000,626,688 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTImageFile.dll
    [2010/05/07 23:32:04 | 000,479,232 | ---- | C] (SoftInterface.COM) -- C:\Windows\SysWow64\PDFConverterX.ocx
    [2010/05/07 23:32:04 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151css.dll
    [2010/05/07 23:32:03 | 000,831,488 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151.dll
    [2010/05/07 23:32:03 | 000,585,728 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151rtf.dll
    [2010/05/07 23:32:03 | 000,376,832 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\txole151.ocx
    [2010/05/07 23:32:03 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151obj.dll
    [2010/05/07 23:32:03 | 000,245,760 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151tls.dll
    [2010/05/07 23:32:03 | 000,237,568 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151png.flt
    [2010/05/07 23:32:03 | 000,200,704 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151jpg.flt
    [2010/05/07 23:32:03 | 000,155,648 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151ic.dll
    [2010/05/07 23:32:03 | 000,106,496 | ---- | C] (Skogen) -- C:\Windows\SysWow64\SeeThroughPicture.ocx
    [2010/05/07 23:32:03 | 000,090,112 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151bmp.flt
    [2010/05/07 23:32:03 | 000,073,728 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151tif.flt
    [2010/05/07 23:32:03 | 000,065,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151wnd.dll
    [2010/05/07 23:32:03 | 000,057,344 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151gif.flt
    [2010/05/07 23:32:03 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx151wmf.flt
    [2010/05/07 23:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Softinterface, Inc
    [2010/05/07 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Output Files
    [2010/05/07 23:12:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tempdir
    [2010/05/07 23:12:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\tool
    [2010/05/07 23:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Doc-Docx to Image Converter 3000
    [2010/05/07 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\IrfanView
    [2010/05/07 22:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
    [2010/05/07 21:00:05 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Chigger Articles Spun 5-7-10
    [2010/05/07 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Maria
    [2010/05/07 01:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rapid Rewriter
    [2010/05/06 23:41:30 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Health
    [2010/05/05 19:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
    [2010/05/05 19:41:05 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\hpqLog
    [2010/05/05 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/05/04 19:44:56 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Foreclosure
    [2010/05/04 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\HP Support Assistant
    [2010/05/02 15:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2010/05/02 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2010/05/02 15:18:13 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Adobe
    [2010/05/02 15:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
    [2010/05/02 14:56:44 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Foxit Software
    [2010/05/02 13:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TubeSucker
    [2010/05/02 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\IsolatedStorage
    [2010/05/02 13:37:34 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Software
    [2010/05/02 13:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
    [2010/05/02 12:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MassArticleCreator
    [2010/05/02 12:01:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2010/05/02 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Travis Computer
    [2010/05/02 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\My Websites1
    [2010/05/02 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\CyberLink
    [2010/05/02 11:38:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\CyberLink
    [2010/05/02 11:38:22 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\PowerCinema
    [2010/05/02 11:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\My Maps
    [2010/05/02 11:32:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Mindjet
    [2010/05/02 11:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet
    [2010/05/02 11:30:40 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2010/05/02 11:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/05/02 11:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/05/02 11:14:11 | 000,054,016 | ---- | C] (OrangeWare Corporation) -- C:\Windows\SysWow64\drivers\ousb2hub.sys
    [2010/05/02 11:14:11 | 000,039,040 | ---- | C] (OrangeWare Corporation) -- C:\Windows\SysWow64\drivers\ousbehci.sys
    [2010/05/02 11:14:11 | 000,000,000 | ---D | C] -- C:\Windows\Drivers
    [2010/05/01 22:57:37 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\OpenOffice.org
    [2010/05/01 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
    [2010/05/01 22:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2010/05/01 22:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/05/01 22:32:48 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\GoodSync
    [2010/05/01 22:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\GoodSync
    [2010/05/01 22:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
    [2010/05/01 22:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/05/01 16:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2010/05/01 16:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2010/05/01 16:26:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Google
    [2010/05/01 15:59:34 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Articles from Web
    [2010/05/01 13:20:44 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Backlink Generator - Site Installed
    [2010/05/01 13:15:06 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Cross Posting
    [2010/05/01 13:07:19 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Google10 Box Maps
    [2010/05/01 12:56:30 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Internet Pictures
    [2010/05/01 11:47:37 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Dragon Preferred 10.1
    [2010/05/01 11:23:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Offline business info
    [2010/05/01 11:18:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\AG
    [2010/05/01 11:18:19 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Answer Sites
    [2010/05/01 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Home Foreclosure
    [2010/05/01 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Aticles to publish
    [2010/05/01 11:05:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Template
    [2010/05/01 10:59:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Amanda's Backlinks
    [2010/05/01 10:58:01 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Stop Foreclosure Process
    [2010/05/01 08:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2010/04/29 03:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2010/04/27 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Thunderbird
    [2010/04/27 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Thunderbird
    [2010/04/27 17:01:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2010/04/27 17:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
    [2010/04/27 16:08:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\tjnet
    [2010/04/27 15:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
    [2010/04/27 15:33:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\My RoboForm Data
    [2010/04/27 15:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
    [2010/04/27 15:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Micro Niche Finder 5.0
    [2010/04/27 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Micro Niche Finder
    [2010/04/27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Micro Niche Finder
    [2010/04/27 15:13:51 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Mozilla
    [2010/04/27 15:13:50 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Mozilla
    [2010/04/27 14:49:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\mjusbsp
    [2010/04/27 14:31:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\WinBatch
    [2010/04/27 14:26:36 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\LogiShrd
    [2010/04/27 14:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
    [2010/04/27 14:26:28 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Leadertech
    [2010/04/27 14:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/04/27 14:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
    [2010/04/27 14:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
    [2010/04/27 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Macromedia
    [2010/04/27 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Adobe
    [2010/04/27 14:17:08 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\HpUpdate
    [2010/04/27 14:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
    [2010/04/27 14:09:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Hewlett-Packard
    [2010/04/27 14:09:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\PictureMover
    [2010/04/27 14:07:46 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Hewlett-Packard
    [2010/04/27 14:07:30 | 000,000,000 | R--D | C] -- C:\Users\Gary\Searches
    [2010/04/27 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Identities
    [2010/04/27 14:07:00 | 000,000,000 | R--D | C] -- C:\Users\Gary\Contacts
    [2010/04/27 14:06:57 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\VirtualStore
    [2010/04/27 14:06:31 | 000,000,000 | --SD | C] -- C:\Users\Gary\AppData\Roaming\Microsoft
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Videos
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Saved Games
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Pictures
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Music
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Links
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Favorites
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Downloads
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\My Documents
    [2010/04/27 14:06:31 | 000,000,000 | R--D | C] -- C:\Users\Gary\Desktop
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\Temporary Internet Files
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Templates
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Start Menu
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\SendTo
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Recent
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\PrintHood
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\NetHood
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Videos
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Pictures
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Music
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\My Documents
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Local Settings
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\History
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Cookies
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Application Data
    [2010/04/27 14:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\Application Data
    [2010/04/27 14:06:31 | 000,000,000 | -H-D | C] -- C:\Users\Gary\AppData
    [2010/04/27 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Temp
    [2010/04/27 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Microsoft
    [2010/04/27 14:06:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Media Center Programs
    [2010/04/27 14:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/04/26 15:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
    [2010/03/08 10:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========
     
  12. 2010/06/04
    JustinCase

    [2010/06/04 10:23:46 | 001,835,008 | -HS- | M] () -- C:\Users\Gary\NTUSER.DAT
    [2010/06/04 10:01:42 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    [2010/06/04 09:31:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/04 07:33:04 | 000,000,991 | ---- | M] () -- C:\Users\Gary\Desktop\magicJack.lnk
    [2010/06/04 05:38:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/04 05:38:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/04 05:34:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/04 05:31:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/04 05:31:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/04 05:31:19 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/04 05:28:31 | 002,609,400 | -H-- | M] () -- C:\Users\Gary\AppData\Local\IconCache.db
    [2010/06/04 05:12:15 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGary.job
    [2010/06/03 21:10:08 | 000,002,589 | ---- | M] () -- C:\Users\Public\Desktop\Comment Kahuna.lnk
    [2010/06/03 20:17:33 | 000,000,975 | ---- | M] () -- C:\Users\Gary\Desktop\Traffic Travis.lnk
    [2010/06/03 18:34:52 | 000,001,278 | ---- | M] () -- C:\Users\Gary\Desktop\Graphics.lnk
    [2010/06/03 18:10:06 | 000,205,692 | ---- | M] () -- C:\Windows\XHeader Uninstaller.exe
    [2010/06/03 18:10:06 | 000,000,953 | ---- | M] () -- C:\Users\Gary\Desktop\XHeader.lnk
    [2010/06/03 18:07:17 | 000,000,983 | ---- | M] () -- C:\Users\Gary\Desktop\EditPlus 3.lnk
    [2010/06/02 18:06:34 | 001,448,113 | ---- | M] () -- C:\Users\Gary\Desktop\rolodex-poster.ZIP
    [2010/06/01 22:32:37 | 001,102,528 | ---- | M] () -- C:\Users\Gary\Desktop\profit-instruments-revealed.pdf
    [2010/06/01 12:24:36 | 093,691,392 | ---- | M] () -- C:\SB95_ea_x32.msi
    [2010/06/01 05:59:52 | 006,741,094 | ---- | M] () -- C:\Users\Gary\Desktop\3000 PLR Articles.zip
    [2010/05/31 18:51:41 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/05/31 18:17:54 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/05/30 16:01:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/05/30 15:52:41 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\rezumatenoi.dat
    [2010/05/30 09:49:18 | 000,492,489 | ---- | M] () -- C:\Users\Gary\Desktop\monthlycash.pdf
    [2010/05/30 06:50:38 | 000,785,623 | ---- | M] () -- C:\Users\Gary\Desktop\TheCopywritingFormula.pdf
    [2010/05/29 08:46:10 | 000,740,616 | ---- | M] () -- C:\Users\Gary\Desktop\article-marketing[1].pdf
    [2010/05/28 08:57:19 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
    [2010/05/28 08:48:14 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2010/05/27 18:25:56 | 000,002,016 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
    [2010/05/27 12:40:04 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat
    [2010/05/27 12:40:04 | 000,000,004 | ---- | M] () -- C:\Windows\SysNative\aspdict-en.dat
    [2010/05/27 12:40:04 | 000,000,000 | ---- | M] () -- C:\pcwords2.dat
    [2010/05/27 12:40:04 | 000,000,000 | ---- | M] () -- C:\pcwords.dat
    [2010/05/27 12:40:04 | 000,000,000 | ---- | M] () -- C:\pc_sign.slf
    [2010/05/27 12:40:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_bl.sig
    [2010/05/27 12:40:03 | 000,000,000 | ---- | M] () -- C:\pcconf.ini
    [2010/05/27 11:31:42 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
    [2010/05/27 10:24:32 | 000,137,570 | ---- | M] () -- C:\BdUninstallTool2010.05.27-10.19.39.reg
    [2010/05/26 18:08:44 | 000,000,974 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\wklnhst.dat
    [2010/05/26 07:25:44 | 000,634,474 | ---- | M] () -- C:\Users\Gary\Desktop\Web-Traffic-Mechanic.pdf
    [2010/05/25 12:26:52 | 000,000,290 | ---- | M] () -- C:\Users\Gary\Documents\SEOLDFASTINDEX.REG
    [2010/05/24 16:55:08 | 000,078,951 | ---- | M] () -- C:\Users\Gary\Desktop\LightningCashBlueprintsProcessMap.pdf
    [2010/05/24 16:54:59 | 000,794,435 | ---- | M] () -- C:\Users\Gary\Desktop\LightningCashBlueprints.pdf
    [2010/05/24 11:47:37 | 000,229,787 | ---- | M] () -- C:\Users\Gary\Desktop\Shoppers Safety Guide.pdf
    [2010/05/24 00:33:25 | 000,001,738 | ---- | M] () -- C:\Users\Gary\Desktop\Passwords-Karen tappart.rtf
    [2010/05/23 17:32:21 | 000,717,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/05/23 17:32:21 | 000,617,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/05/23 17:32:21 | 000,104,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/05/23 09:41:27 | 000,002,613 | ---- | M] () -- C:\Users\Public\Desktop\SerpAssist Lite!.lnk
    [2010/05/21 23:57:55 | 000,001,226 | ---- | M] () -- C:\Users\Gary\Desktop\Revo Uninstaller.lnk
    [2010/05/21 01:10:09 | 000,000,019 | ---- | M] () -- C:\Users\Public\Documents\CTDChannels_Version.3dc48cd1.cdf
    [2010/05/20 17:15:25 | 000,000,019 | ---- | M] () -- C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
    [2010/05/20 17:02:41 | 000,003,059 | ---- | M] () -- C:\Users\Gary\Desktop\Magic Article Submitter.lnk
    [2010/05/20 17:02:04 | 000,002,615 | ---- | M] () -- C:\Users\Public\Desktop\Magic Article Rewriter.lnk
    [2010/05/20 16:45:39 | 000,627,761 | ---- | M] () -- C:\Users\Gary\The Article Leverage System.pdf
    [2010/05/19 08:13:16 | 000,001,847 | ---- | M] () -- C:\Users\Gary\Desktop\CCleaner.lnk
    [2010/05/19 08:11:06 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/19 08:09:58 | 000,001,220 | ---- | M] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/18 16:35:29 | 000,001,738 | ---- | M] () -- C:\Users\Gary\Desktop\passwords.rtf
    [2010/05/18 11:27:32 | 001,079,461 | ---- | M] () -- C:\Users\Gary\Desktop\great research tool ever.pdf
    [2010/05/18 11:26:06 | 000,273,378 | ---- | M] () -- C:\Users\Gary\Desktop\Travis Niche Information.pdf
    [2010/05/17 09:55:57 | 000,103,249 | ---- | M] () -- C:\Users\Gary\Desktop\TripleProfitMultiplier-ProcessMap.pdf
    [2010/05/17 09:55:56 | 000,429,362 | ---- | M] () -- C:\Users\Gary\Desktop\TripleProfitMultiplier.pdf
    [2010/05/15 21:59:15 | 000,001,611 | ---- | M] () -- C:\Users\Gary\Desktop\DivX Movies.lnk
    [2010/05/15 21:58:57 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/05/15 21:58:46 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/05/13 20:05:14 | 000,711,168 | ---- | M] () -- C:\Windows\is-I3AKN.exe
    [2010/05/13 20:05:14 | 000,010,562 | ---- | M] () -- C:\Windows\is-I3AKN.msg
    [2010/05/13 20:05:14 | 000,000,583 | ---- | M] () -- C:\Windows\is-I3AKN.lst
    [2010/05/13 15:03:01 | 000,057,271 | ---- | M] () -- C:\Users\Gary\Desktop\500Bookmarking.pdf
    [2010/05/13 12:25:24 | 000,730,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/13 11:19:32 | 000,003,065 | ---- | M] () -- C:\Users\Gary\Desktop\Traffic Mania - RSSBot.lnk
    [2010/05/12 18:20:44 | 006,296,004 | ---- | M] () -- C:\Users\Gary\Desktop\ErnieFord.wmv
    [2010/05/12 13:52:31 | 000,001,736 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OnlyWire.LNK
    [2010/05/12 12:46:34 | 000,072,080 | ---- | M] () -- C:\Users\Gary\g2mdlhlpx.exe
    [2010/05/12 12:08:09 | 000,000,993 | ---- | M] () -- C:\Users\Gary\Desktop\PIXresizer.lnk
    [2010/05/11 07:25:02 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Article Submitter.lnk
    [2010/05/07 23:37:08 | 000,061,558 | ---- | M] () -- C:\Users\Gary\Documents\little girls.jpg
    [2010/05/07 23:34:16 | 000,000,024 | ---- | M] () -- C:\Windows\SW_Win3112X32.DLL
    [2010/05/07 23:34:15 | 000,000,823 | ---- | M] () -- C:\Users\Gary\Desktop\Convert Document To Image.lnk
    [2010/05/07 23:16:28 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/05/07 22:42:54 | 000,546,304 | ---- | M] () -- C:\Users\Gary\Documents\little girls.doc
    [2010/05/07 22:15:04 | 000,030,720 | ---- | M] () -- C:\Users\Gary\Documents\Chiggers.rrp
    [2010/05/07 08:57:44 | 000,075,057 | ---- | M] () -- C:\Users\Gary\Desktop\Walton-Feed-May-2-2010.csv
    [2010/05/07 01:57:10 | 000,007,168 | ---- | M] () -- C:\Users\Gary\Documents\Foreclosure.rrp
    [2010/05/07 01:05:22 | 000,000,736 | ---- | M] () -- C:\Users\Gary\Documents\Rapid Rewriter Article Spinner And MORE!.htm
    [2010/05/07 00:35:10 | 000,295,977 | ---- | M] () -- C:\Users\Gary\Documents\233Geek-Free-SEO.pdf
    [2010/05/06 23:41:57 | 000,059,035 | ---- | M] () -- C:\Users\Gary\Documents\Alzheimers_disease_prevention.html
    [2010/05/06 13:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
    [2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/05/06 13:39:27 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/05/06 13:39:06 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/05/06 13:34:30 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/05/06 13:34:14 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/05/06 13:33:50 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/05/02 15:18:56 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
    [2010/05/02 13:54:06 | 000,002,871 | ---- | M] () -- C:\Users\Gary\Desktop\Shortcut to TubeSucker.exe.lnk
    [2010/05/02 13:54:06 | 000,002,871 | ---- | M] () -- C:\Users\Gary\Desktop\Shortcut to ProgrammableTabBrowser.exe.lnk
    [2010/05/02 13:42:30 | 000,085,256 | ---- | M] () -- C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/05/02 13:32:28 | 000,352,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/05/01 22:58:14 | 000,001,197 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/27 14:24:55 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
    [2010/04/27 14:10:39 | 000,524,288 | -HS- | M] () -- C:\Users\Gary\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/27 14:10:39 | 000,524,288 | -HS- | M] () -- C:\Users\Gary\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/27 14:10:39 | 000,065,536 | -HS- | M] () -- C:\Users\Gary\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2010/04/27 14:06:31 | 000,000,020 | -HS- | M] () -- C:\Users\Gary\ntuser.ini
    [2010/04/27 14:05:21 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2010/04/27 14:05:21 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2010/04/26 15:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
    [2010/04/14 23:12:14 | 001,391,203 | ---- | M] () -- C:\Users\Gary\Desktop\50 Sites Pay To Write-Personal.zip
    [2010/03/11 09:45:14 | 001,220,608 | ---- | M] () -- C:\Windows\SysWow64\pdf2bmp.dll
    [2010/03/08 10:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
    [2010/03/08 07:15:12 | 000,319,488 | ---- | M] () -- C:\Windows\SysWow64\WordConverterX2.ocx
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/03 20:58:47 | 000,002,589 | ---- | C] () -- C:\Users\Public\Desktop\Comment Kahuna.lnk
    [2010/06/03 18:34:52 | 000,001,278 | ---- | C] () -- C:\Users\Gary\Desktop\Graphics.lnk
    [2010/06/03 18:10:06 | 000,205,692 | ---- | C] () -- C:\Windows\XHeader Uninstaller.exe
    [2010/06/03 18:10:06 | 000,000,953 | ---- | C] () -- C:\Users\Gary\Desktop\XHeader.lnk
    [2010/06/03 18:07:17 | 000,000,983 | ---- | C] () -- C:\Users\Gary\Desktop\EditPlus 3.lnk
    [2010/06/02 20:22:59 | 093,691,392 | ---- | C] () -- C:\SB95_ea_x32.msi
    [2010/06/02 18:06:27 | 001,448,113 | ---- | C] () -- C:\Users\Gary\Desktop\rolodex-poster.ZIP
    [2010/06/01 22:32:33 | 001,102,528 | ---- | C] () -- C:\Users\Gary\Desktop\profit-instruments-revealed.pdf
    [2010/06/01 05:59:33 | 006,741,094 | ---- | C] () -- C:\Users\Gary\Desktop\3000 PLR Articles.zip
    [2010/05/30 16:01:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2010/05/30 09:49:15 | 000,492,489 | ---- | C] () -- C:\Users\Gary\Desktop\monthlycash.pdf
    [2010/05/30 06:50:32 | 000,785,623 | ---- | C] () -- C:\Users\Gary\Desktop\TheCopywritingFormula.pdf
    [2010/05/29 08:46:10 | 000,740,616 | ---- | C] () -- C:\Users\Gary\Desktop\article-marketing[1].pdf
    [2010/05/29 02:40:52 | 000,000,132 | ---- | C] () -- C:\Windows\SysNative\rezumatenoi.dat
    [2010/05/28 08:57:19 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
    [2010/05/28 08:46:20 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2010/05/27 18:23:05 | 000,002,016 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
    [2010/05/27 12:40:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\asdict.dat
    [2010/05/27 12:40:04 | 000,000,004 | ---- | C] () -- C:\Windows\SysNative\aspdict-en.dat
    [2010/05/27 12:40:04 | 000,000,000 | ---- | C] () -- C:\pcwords2.dat
    [2010/05/27 12:40:04 | 000,000,000 | ---- | C] () -- C:\pcwords.dat
    [2010/05/27 12:40:04 | 000,000,000 | ---- | C] () -- C:\pc_sign.slf
    [2010/05/27 12:40:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_bl.sig
    [2010/05/27 12:40:03 | 000,000,000 | ---- | C] () -- C:\pcconf.ini
    [2010/05/27 11:31:42 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
    [2010/05/27 10:19:39 | 000,137,570 | ---- | C] () -- C:\BdUninstallTool2010.05.27-10.19.39.reg
    [2010/05/26 18:45:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010/05/26 07:25:40 | 000,634,474 | ---- | C] () -- C:\Users\Gary\Desktop\Web-Traffic-Mechanic.pdf
    [2010/05/25 12:26:51 | 000,000,290 | ---- | C] () -- C:\Users\Gary\Documents\SEOLDFASTINDEX.REG
    [2010/05/24 16:55:06 | 000,078,951 | ---- | C] () -- C:\Users\Gary\Desktop\LightningCashBlueprintsProcessMap.pdf
    [2010/05/24 16:54:56 | 000,794,435 | ---- | C] () -- C:\Users\Gary\Desktop\LightningCashBlueprints.pdf
    [2010/05/24 11:47:34 | 000,229,787 | ---- | C] () -- C:\Users\Gary\Desktop\Shoppers Safety Guide.pdf
    [2010/05/24 00:33:25 | 000,001,738 | ---- | C] () -- C:\Users\Gary\Desktop\Passwords-Karen tappart.rtf
    [2010/05/23 09:41:27 | 000,002,613 | ---- | C] () -- C:\Users\Public\Desktop\SerpAssist Lite!.lnk
    [2010/05/23 08:12:02 | 000,015,360 | -HS- | C] () -- C:\Users\Gary\Thumbs.db
    [2010/05/22 11:04:32 | 000,000,975 | ---- | C] () -- C:\Users\Gary\Desktop\Traffic Travis.lnk
    [2010/05/20 17:15:49 | 000,000,019 | ---- | C] () -- C:\Users\Public\Documents\CTDChannels_Version.3dc48cd1.cdf
    [2010/05/20 17:02:41 | 000,003,059 | ---- | C] () -- C:\Users\Gary\Desktop\Magic Article Submitter.lnk
    [2010/05/20 16:45:39 | 000,627,761 | ---- | C] () -- C:\Users\Gary\The Article Leverage System.pdf
    [2010/05/19 08:13:16 | 000,001,847 | ---- | C] () -- C:\Users\Gary\Desktop\CCleaner.lnk
    [2010/05/19 08:11:06 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/05/19 08:09:58 | 000,001,220 | ---- | C] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
    [2010/05/18 16:35:29 | 000,001,738 | ---- | C] () -- C:\Users\Gary\Desktop\passwords.rtf
    [2010/05/18 11:27:32 | 001,079,461 | ---- | C] () -- C:\Users\Gary\Desktop\great research tool ever.pdf
    [2010/05/18 11:26:06 | 000,273,378 | ---- | C] () -- C:\Users\Gary\Desktop\Travis Niche Information.pdf
    [2010/05/17 18:40:02 | 000,000,019 | ---- | C] () -- C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
    [2010/05/17 09:55:52 | 000,103,249 | ---- | C] () -- C:\Users\Gary\Desktop\TripleProfitMultiplier-ProcessMap.pdf
    [2010/05/17 09:55:42 | 000,429,362 | ---- | C] () -- C:\Users\Gary\Desktop\TripleProfitMultiplier.pdf
    [2010/05/15 21:59:15 | 000,001,611 | ---- | C] () -- C:\Users\Gary\Desktop\DivX Movies.lnk
    [2010/05/15 21:58:57 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2010/05/15 21:58:46 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2010/05/13 20:05:14 | 000,711,168 | ---- | C] () -- C:\Windows\is-I3AKN.exe
    [2010/05/13 20:05:14 | 000,010,562 | ---- | C] () -- C:\Windows\is-I3AKN.msg
    [2010/05/13 20:05:14 | 000,000,583 | ---- | C] () -- C:\Windows\is-I3AKN.lst
    [2010/05/13 15:03:00 | 000,057,271 | ---- | C] () -- C:\Users\Gary\Desktop\500Bookmarking.pdf
    [2010/05/13 12:25:24 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/13 11:19:32 | 000,003,065 | ---- | C] () -- C:\Users\Gary\Desktop\Traffic Mania - RSSBot.lnk
    [2010/05/12 18:20:37 | 006,296,004 | ---- | C] () -- C:\Users\Gary\Desktop\ErnieFord.wmv
    [2010/05/12 13:52:31 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OnlyWire.LNK
    [2010/05/12 12:46:34 | 000,072,080 | ---- | C] () -- C:\Users\Gary\g2mdlhlpx.exe
    [2010/05/12 12:08:09 | 000,000,993 | ---- | C] () -- C:\Users\Gary\Desktop\PIXresizer.lnk
    [2010/05/11 08:48:30 | 000,002,615 | ---- | C] () -- C:\Users\Public\Desktop\Magic Article Rewriter.lnk
    [2010/05/11 07:25:02 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Article Submitter.lnk
    [2010/05/07 23:37:08 | 000,061,558 | ---- | C] () -- C:\Users\Gary\Documents\little girls.jpg
    [2010/05/07 23:32:21 | 000,000,024 | ---- | C] () -- C:\Windows\SW_Win3112X32.DLL
    [2010/05/07 23:32:04 | 001,220,608 | ---- | C] () -- C:\Windows\SysWow64\pdf2bmp.dll
    [2010/05/07 23:32:04 | 000,319,488 | ---- | C] () -- C:\Windows\SysWow64\WordConverterX2.ocx
    [2010/05/07 23:32:04 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\CSVSpecialProcessing.dll
    [2010/05/07 23:32:04 | 000,000,823 | ---- | C] () -- C:\Users\Gary\Desktop\Convert Document To Image.lnk
    [2010/05/07 23:32:03 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SII_PDF.dll
    [2010/05/07 23:32:03 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\SARzilla.dll
    [2010/05/07 23:32:03 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\DVM.dll
    [2010/05/07 23:32:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RegisterExe.exe
    [2010/05/07 23:32:03 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx151ic.ini
    [2010/05/07 18:31:24 | 000,546,304 | ---- | C] () -- C:\Users\Gary\Documents\little girls.doc
    [2010/05/07 14:35:50 | 000,030,720 | ---- | C] () -- C:\Users\Gary\Documents\Chiggers.rrp
    [2010/05/07 08:57:33 | 000,075,057 | ---- | C] () -- C:\Users\Gary\Desktop\Walton-Feed-May-2-2010.csv
    [2010/05/07 01:57:10 | 000,007,168 | ---- | C] () -- C:\Users\Gary\Documents\Foreclosure.rrp
    [2010/05/07 01:05:21 | 000,000,736 | ---- | C] () -- C:\Users\Gary\Documents\Rapid Rewriter Article Spinner And MORE!.htm
    [2010/05/07 00:35:10 | 000,295,977 | ---- | C] () -- C:\Users\Gary\Documents\233Geek-Free-SEO.pdf
    [2010/05/06 23:41:55 | 000,059,035 | ---- | C] () -- C:\Users\Gary\Documents\Alzheimers_disease_prevention.html
    [2010/05/04 17:21:08 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForGary.job
    [2010/05/02 15:19:42 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/05/02 15:18:56 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
    [2010/05/02 13:54:06 | 000,002,871 | ---- | C] () -- C:\Users\Gary\Desktop\Shortcut to TubeSucker.exe.lnk
    [2010/05/02 13:54:06 | 000,002,871 | ---- | C] () -- C:\Users\Gary\Desktop\Shortcut to ProgrammableTabBrowser.exe.lnk
    [2010/05/02 12:02:00 | 000,001,226 | ---- | C] () -- C:\Users\Gary\Desktop\Revo Uninstaller.lnk
    [2010/05/01 22:58:14 | 000,001,197 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010/05/01 22:04:18 | 000,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
    [2010/05/01 16:26:42 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/01 16:26:41 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/01 11:05:21 | 000,000,974 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\wklnhst.dat
    [2010/04/27 14:49:23 | 000,000,991 | ---- | C] () -- C:\Users\Gary\Desktop\magicJack.lnk
    [2010/04/27 14:25:22 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
    [2010/04/27 14:24:55 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
    [2010/04/27 14:07:37 | 000,000,544 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/04/27 14:06:31 | 001,835,008 | -HS- | C] () -- C:\Users\Gary\NTUSER.DAT
    [2010/04/27 14:06:31 | 000,524,288 | -HS- | C] () -- C:\Users\Gary\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/27 14:06:31 | 000,524,288 | -HS- | C] () -- C:\Users\Gary\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/27 14:06:31 | 000,262,144 | -HS- | C] () -- C:\Users\Gary\ntuser.dat.LOG1
    [2010/04/27 14:06:31 | 000,065,536 | -HS- | C] () -- C:\Users\Gary\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
    [2010/04/27 14:06:31 | 000,000,020 | -HS- | C] () -- C:\Users\Gary\ntuser.ini
    [2010/04/27 14:06:31 | 000,000,000 | -HS- | C] () -- C:\Users\Gary\ntuser.dat.LOG2
    [2010/04/25 01:23:26 | 000,315,535 | ---- | C] () -- C:\Users\Gary\Desktop\LinkChecker.zip
    [2010/04/25 00:53:03 | 001,391,203 | ---- | C] () -- C:\Users\Gary\Desktop\50 Sites Pay To Write-Personal.zip
    [2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/05/22 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Affilorama
    [2010/05/29 14:37:10 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\BitDefender
    [2010/05/28 08:48:02 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\CheckPoint
    [2010/06/04 05:30:35 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\EditPlus 3
    [2010/05/02 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Foxit Software
    [2010/06/02 18:19:25 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\GoodSync
    [2010/05/07 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\IrfanView
    [2010/04/27 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Leadertech
    [2010/06/04 07:33:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\mjusbsp
    [2010/05/13 18:58:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\NetSpell
    [2010/05/01 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\OpenOffice.org
    [2010/04/27 14:09:54 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PictureMover
    [2010/05/01 11:05:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Template
    [2010/05/27 10:27:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\The Shield Deluxe
    [2010/05/29 10:21:49 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Thunderbird
    [2010/04/27 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\WinBatch
    [2010/05/31 18:17:54 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2009/07/13 22:08:49 | 000,013,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.exe >
    [2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe


    < MD5 for: AGP440.SYS >
    [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/13 18:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 18:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 18:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/05/17 22:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

    < MD5 for: EXPLORER.EXE >
    [2009/10/05 23:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2009/10/05 23:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2009/10/05 23:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2009/10/05 22:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: IASTORV.SYS >
    [2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 18:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 18:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 18:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 18:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 18:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/13 18:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    < End of report >
     
  13. 2010/06/04
    JustinCase

    OTL Extras logfile created on: 6/4/2010 10:21:45 AM - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Gary\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 287.19 Gb Total Space | 236.07 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
    Drive D: | 10.80 Gb Total Space | 1.55 Gb Free Space | 14.33% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive L: | 232.88 Gb Total Space | 109.02 Gb Free Space | 46.81% Space Free | Partition Type: NTFS

    Computer Name: GARY-PC
    Current User Name: Gary
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1 "
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{A07F0CC3-40FC-46AF-91B1-09ECF546057D}" = SEO Link Dominator - fast Indexer and Pinger
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3F9D3AF5-BB74-474A-92C8-410839303DB5}" = TubeSucker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{5431746A-60A3-4529-8A07-A7B726FF35A5}" = CommentKahuna
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6D5A23C9-D061-4C94-BB48-1A3614698B06}" = Magic Submitter
    "{7387442F-CB81-4775-96FA-C038CF479C3E}" = Magic Tokens Database 2.0
    "{7FC8C210-A319-4835-A87D-B935EFB4C148}" = Microsoft Live Search Toolbar
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8198DD04-D0F6-4674-A2D9-E6546347D62D}" = RSSBot
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FC64863-2C70-4FA5-A08D-9115894D4D2E}" = SERPAssist Lite!
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85CDBC3-BEDF-4243-A107-4BF81351F84B}" = Magic Article Submitter
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
    "{B6D8028B-B6FA-52FB-339A-7FD07E21D78B}" = ASHelper
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{BEDE6836-8ED5-4444-B895-CE54968CFC4C}" = Magic Article Rewriter
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D9CB84BA-4461-44C3-BD33-6752D234AE4F}" = Magic Article Submitter
    "{DA0A5873-4B54-4179-9C0C-BA313C56EA37}" = Mindjet MindManager Viewer 6
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{ED34F80D-850F-449A-A715-099E9E6C628D}" = Proxy Scraper
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AI RoboForm" = AI RoboForm (All Users)
    "ashelper.ASHelper.46130C60F2252FA5A4446077F84AA968F38F8488.1" = ASHelper
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Convert Document To Image_is1" = Convert Document To Image
    "Core FTP LE 2.1" = Core FTP LE 2.1
    "DE273599-96B0-4836-97C2-B2025C625F81" = The Authority Loophole
    "DivX Setup.divx.com" = DivX Setup
    "Doc-Docx to Image Converter 3000_is1" = Doc-Docx to Image Converter 3000 7.4
    "EditPlus 3" = EditPlus 3
    "Foxit Reader" = Foxit Reader
    "Free-Buttons.org" = Free-Buttons.org
    "Google Chrome" = Google Chrome
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Micro Niche Finder 5.0_is1" = Micro Niche Finder 5.0
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OnlyWire" = OnlyWire
    "Picasa 3" = Picasa 3
    "PIXresizer_is1" = PIXresizer 2.0.4
    "Revo Uninstaller" = Revo Uninstaller 1.88
    "Traffic Travis_is1" = Traffic Travis 3.2.6
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "XHeader" = XHeader
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "LastPass" = LastPass (uninstall only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/27/2010 2:06:10 PM | Computer Name = Gary-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: avgchsva.exe, version: 9.0.0.794, time
    stamp: 0x4b98e2bd Faulting module name: smum64.dll, version: 7.0.0.9, time stamp:
    0x4aa72201 Exception code: 0xc0000417 Fault offset: 0x0000000000002cc0 Faulting process
    id: 0x26c Faulting application start time: 0x01cafdc6af502ea0 Faulting application
    path: C:\Program Files (x86)\AVG\AVG9\avgchsva.exe Faulting module path: C:\Program
    Files (x86)\Spyware Doctor\smum64.dll Report Id: 86ddb310-69ba-11df-a6f5-e0cb4e4ccbb1

    Error - 5/27/2010 2:19:52 PM | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    Error - 5/27/2010 2:20:36 PM | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    Error - 5/27/2010 2:22:26 PM | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    Error - 5/27/2010 2:23:34 PM | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    Error - 5/27/2010 2:24:22 PM | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    Error - 5/27/2010 2:24:26 PM | Computer Name = Gary-PC | Source = pctsSvc.exe | ID = 0
    Description =

    Error - 5/27/2010 11:01:38 PM | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    Error - 5/28/2010 3:40:59 AM | Computer Name = Gary-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 5/28/2010 3:43:55 AM | Computer Name = Gary-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll ".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 5/9/2010 12:49:51 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
    Description = 9:49:49 AM - Error connecting to the internet. 9:49:49 AM - Unable
    to contact server..

    Error - 5/9/2010 1:50:33 PM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
    Description = 10:50:31 AM - Error connecting to the internet. 10:50:31 AM - Unable
    to contact server..

    Error - 6/3/2010 12:04:25 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
    Description = 9:04:25 PM - Error connecting to the internet. 9:04:25 PM - Unable
    to contact server..

    Error - 6/3/2010 12:04:59 AM | Computer Name = Gary-PC | Source = MCUpdate | ID = 0
    Description = 9:04:55 PM - Error connecting to the internet. 9:04:55 PM - Unable
    to contact server..

    [ System Events ]
    Error - 5/31/2010 9:46:04 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 5/31/2010 9:47:03 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5

    Error - 5/31/2010 9:54:47 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 5/31/2010 9:55:44 PM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5

    Error - 6/1/2010 2:53:46 AM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 6/1/2010 2:54:39 AM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5

    Error - 6/1/2010 3:00:26 AM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 6/1/2010 3:01:26 AM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5

    Error - 6/1/2010 3:12:38 AM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7016
    Description = The NVIDIA Display Driver Service service has reported an invalid
    current state 32.

    Error - 6/1/2010 3:13:24 AM | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    is3srv szkg5


    < End of report >
     
  14. 2010/06/04
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    All settings are as directed in the BSView. At the bottom it posts "0 crashes" and refreshing shows the same.

    The blue screens appear on my powerdown to restart. It is not a happening during normal operation. Maybe that explains why they do not show.
     
  15. 2010/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't really see much here.
    Define "sluggish" please.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O33 - MountPoints2\F\Shell\AutoRun\command - " " = F:\autorun.exe -- File not found
      O33 - MountPoints2\F\Shell\phone\command - " " = F:\autorun.exe -- File not found
      [2010/05/05 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  16. 2010/06/04
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    It seems to run ok speed wise. Not a problem. It is on the shut down it takes 2 or 3 times longer than normal. It acts like it has issues it is trying to resolve.
     
  17. 2010/06/04
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    File F:\autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\autorun.exe not found.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\PartnerCustom folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS folder moved successfully.
    C:\ProgramData\McAfee folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gary
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5970142 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 77707095 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3408 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5820706 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49621 bytes
    RecycleBin emptied: 191042326 bytes

    Total Files Cleaned = 268.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gary
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.5.3 log created on 06042010_105722

    Files\Folders moved on Reboot...
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Gary\AppData\Local\Mozilla\Firefox\Profiles\2jp1mb9m.default\urlclassifier3.sqlite moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\logishrd\LVPrcInj05.dll not found!
    File\Folder C:\Windows\temp\logishrd\LVPrcInj06.dll not found!
    File\Folder C:\Windows\temp\ZLT052bc.TMP not found!

    Registry entries deleted on Reboot...
     
  18. 2010/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  19. 2010/06/04
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    Hijacked is denied write access to Hosts file. After hijack runs and asks to save log it will not allow it to save it or create one in Notepad. I cannot copy and paste from the program itself.

    "Cannot find the C:\programfiles(x86)\TrendMicro\HiJackthis.log file. Do you want to create another file?" when I click yes I get a blank sheet.

    Also, there are no "run as administrator" options from the download or shortcut. I only see install, repair or uninstall options.
     
    Last edited: 2010/06/04
  20. 2010/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  21. 2010/06/04
    JustinCase

    JustinCase Inactive Thread Starter

    Joined:
    2010/05/29
    Messages:
    39
    Likes Received:
    0
    B-i-n-g-o

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:22:12 PM, on 6/4/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\OnlyWire\OnlyWireWindows.exe
    C:\Program Files (x86)\Java\jre6\bin\javaw.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Users\Gary\AppData\Roaming\mjusbsp\magicJack.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\java.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe
    L:\ThunderbirdPortable\ThunderbirdPortable.exe
    L:\ThunderbirdPortable\App\thunderbird\thunderbird.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Gary\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: OnlyWire.LNK = ?
    O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Options - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12722 bytes
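
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. It separates orphaned registry entries ("(no file)") from "(file missing)" services that point into System32 on a 64-bit host, where a 32-bit scanner is redirected to SysWOW64 and so cannot see the 64-bit binary. Assumptions: a `Program Files (x86)` path in the log means 64-bit Windows, and the verdict names are this example's own.

```python
import re

# Excerpt of lines taken from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Platform: Unknown Windows (WinNT 6.01.3504)
Running processes:
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - Global Startup: OnlyWire.LNK = ?
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# HijackThis entries start with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Last drive-letter path on the line, directly before the "(file missing)" tag.
MISSING_RE = re.compile(r"^(?:.*\s)?([A-Za-z]:\\.+?)\s*\(file missing\)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def is_64bit_host(log):
    """Heuristic (assumption): a 'Program Files (x86)' path means 64-bit Windows."""
    return "\\Program Files (x86)\\" in log


def classify(text, host_is_64bit):
    """Return a triage verdict for one entry body (verdict names are hypothetical)."""
    if text.endswith("(no file)"):
        return "orphaned"             # registry entry with no file behind it
    if text.endswith("= ?"):
        return "unresolved-shortcut"  # startup .lnk whose target was not resolved
    m = MISSING_RE.match(text)
    if m:
        if host_is_64bit and SYSTEM32_RE.match(m.group(1)):
            # A 32-bit scanner sees SysWOW64 in place of System32, so 64-bit
            # binaries look absent: confirm from a 64-bit process before acting.
            return "verify-64bit-view"
        return "missing"
    return "ok"


def triage(log):
    """Parse every section entry in the log and attach a verdict to it."""
    host64 = is_64bit_host(log)
    results = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, text = m.groups()
            results.append((section, classify(text, host64), text))
    return results


if __name__ == "__main__":
    for section, verdict, text in triage(SAMPLE_LOG):
        if verdict != "ok":
            print(f"{verdict:20} {section:4} {text}")
```

Entries marked `verify-64bit-view` are candidates for a scanner artifact rather than a deleted system file; `orphaned` entries are the kind the OTL fix in this thread was written to remove.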
     
