
Inactive All Security Programs Unavailable

Discussion in 'Malware and Virus Removal Archive' started by thunderclan, 2011/10/11.

Thread Status:
Not open for further replies.
  1. 2011/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, there is a size limit.
    Try to split the log between a couple of replies.
     
  2. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    OTL logfile created on: 10/15/2011 1:57:04 PM - Run 1
    OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Lucas\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 69.47% Memory free
    6.20 Gb Paging File | 4.62 Gb Available in Paging File | 74.52% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.73 Gb Total Space | 143.20 Gb Free Space | 31.49% Space Free | Partition Type: NTFS
    Drive D: | 11.03 Gb Total Space | 3.68 Gb Free Space | 33.40% Space Free | Partition Type: NTFS

    Computer Name: ZIGGAMEMACHINE | User Name: Lucas | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/15 13:55:57 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
    PRC - [2011/10/15 10:35:59 | 000,174,592 | ---- | M] () -- C:\Windows\Temp\258.exe
    PRC - [2011/10/14 18:42:59 | 000,121,344 | -HS- | M] () -- C:\Windows\Temp\winupd.exe
    PRC - [2011/07/28 21:35:54 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/07/28 21:35:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/06/16 07:55:12 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2010/10/18 07:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    PRC - [2010/09/02 15:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files\HP Button Manager\BM.exe
    PRC - [2009/04/25 11:56:42 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/10/30 21:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/09/13 17:22:04 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
    PRC - [2006/11/07 15:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
    PRC - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe
    PRC - [2006/09/06 13:12:46 | 000,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
    PRC - [2006/03/21 18:30:00 | 001,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/15 10:35:59 | 000,174,592 | ---- | M] () -- C:\Windows\Temp\258.exe
    MOD - [2011/10/14 18:42:59 | 000,121,344 | -HS- | M] () -- C:\Windows\Temp\winupd.exe
    MOD - [2011/10/13 19:12:58 | 000,171,520 | ---- | M] () -- C:\Users\Lucas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll
    MOD - [2011/10/13 19:12:58 | 000,140,288 | ---- | M] () -- C:\ProgramData\JavaProfilePolicy.dll
    MOD - [2011/08/18 20:43:42 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
    MOD - [2011/07/28 20:52:40 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
    MOD - [2011/06/16 07:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2011/06/16 07:55:10 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll
    MOD - [2011/06/16 03:46:47 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
    MOD - [2011/06/16 03:45:25 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll
    MOD - [2011/06/16 03:45:23 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
    MOD - [2011/06/16 03:45:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
    MOD - [2011/06/16 03:45:14 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
    MOD - [2011/06/16 03:45:14 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
    MOD - [2011/06/16 03:44:51 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6a39ee17f7cefb77c8e98dbfb72b058b\System.Security.ni.dll
    MOD - [2011/06/16 03:44:50 | 002,509,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\704224ec5873fd04d99c53cf70ea9490\System.Data.SqlXml.ni.dll
    MOD - [2011/06/16 03:44:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
    MOD - [2011/06/16 03:44:47 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a96b02abbfcaae424cfb91a198a9e0e9\Microsoft.VisualC.ni.dll
    MOD - [2011/06/16 03:44:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
    MOD - [2011/06/16 03:43:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
    MOD - [2011/06/16 03:43:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
    MOD - [2011/06/16 03:42:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
    MOD - [2011/06/16 03:42:47 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
    MOD - [2011/06/16 03:42:03 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
    MOD - [2011/06/16 03:41:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files\HP Button Manager\BM.exe
    MOD - [2009/02/06 19:21:36 | 000,200,704 | ---- | M] () -- C:\Program Files\ImageConverter Plus\gpgate.dll
    MOD - [2009/02/06 18:44:00 | 006,770,688 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fpdf.dll
    MOD - [2009/02/06 18:42:28 | 001,343,488 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcnv.dll
    MOD - [2009/02/06 18:29:30 | 000,020,992 | ---- | M] () -- C:\Program Files\ImageConverter Plus\MemHandler.dll
    MOD - [2009/02/06 18:28:08 | 001,163,264 | ---- | M] () -- C:\Program Files\ImageConverter Plus\fcrtl.dll
    MOD - [2008/07/27 11:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2008/07/27 11:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2008/01/19 00:35:15 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
    MOD - [2008/01/19 00:35:15 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
    MOD - [2007/11/23 17:20:50 | 000,708,608 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll
    MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2007/04/03 08:05:24 | 000,577,096 | ---- | M] () -- C:\Program Files\Spare Backup\System.Data.SQLite.DLL
    MOD - [2007/04/03 08:04:54 | 000,183,880 | ---- | M] () -- C:\Program Files\Spare Backup\UberCrypto.dll
    MOD - [2006/11/07 15:08:40 | 000,547,840 | ---- | M] () -- C:\Windows\zHotkey.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (MSMQSVC)
    SRV - [2011/10/03 16:53:20 | 000,794,984 | ---- | M] (BitRaider, LLC) [Disabled | Stopped] -- C:\ProgramData\bitraider\BRSptSvc.exe -- (BRSptSvc)
    SRV - [2011/09/21 16:05:34 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
    SRV - [2011/07/28 21:35:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/01/19 12:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2009/02/18 02:34:55 | 000,570,880 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
    SRV - [2008/12/01 16:29:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
    SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/05/05 15:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/02/03 18:33:07 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/08/22 21:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2007/08/21 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/06/07 01:50:14 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)
    SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)
    SRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/03 17:16:06 | 000,061,312 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\bitraider\BRDriver.sys -- (BRDriver)
    DRV - [2011/07/28 22:22:06 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/07/28 22:22:06 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/07/28 20:53:48 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/02/27 01:28:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2011/02/27 01:28:59 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2009/12/29 17:04:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/05/03 20:32:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/02/19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2009/02/19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2009/02/18 02:34:55 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Spyware Terminator\fileobjinfo.sys -- (FileObjInfo)
    DRV - [2009/01/17 20:48:29 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2008/08/20 10:58:58 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/04/24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2008/03/18 01:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080402.021\NAVEX15.SYS -- (NAVEX15)
    DRV - [2008/03/18 01:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080402.021\NAVENG.SYS -- (NAVENG)
    DRV - [2008/02/13 09:18:22 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080401.001\IDSvix86.sys -- (IDSvix86)
    DRV - [2008/01/22 02:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/01/22 02:00:00 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/08/08 00:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
    DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2007/01/04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/09/07 14:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
     


  4. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59919

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lucas\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/15 10:40:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:21:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/15 10:40:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:21:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lucas\Program Files\DNA [2010/09/01 10:19:44 | 000,000,000 | ---D | M]

    [2011/08/03 15:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 17:48:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/05 17:47:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2011/02/26 01:10:55 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

    Hosts file not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Shop to Win 6) - {27376903-C3DA-492B-9622-E4AB4DEBBE54} - C:\Program Files\Shop to Win 6\Shop to Win 6.dll (Shop To Win, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [258.exe] C:\Program Files\Internet Explorer\E713\258.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
    O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
    O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
    O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [-1469949828] C:\Windows\TEMP\\jucheck.exe ()
    O4 - HKU\.DEFAULT..\Run: [KB17468.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB17468.exe" File not found
    O4 - HKU\.DEFAULT..\Run: [lpc] C:\Users\Lucas\AppData\Roaming\Remote\zaagg.dll (Secunia)
    O4 - HKU\.DEFAULT..\Run: [MicrosoftUpdateNotifier] C:\ProgramData\MicrosoftUpdateNotifier.dll (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [Piriform Update] C:\Windows\System32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [SampleView Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempupdt32.dll ",DllRegisterServer File not found
    O4 - HKU\S-1-5-18..\Run: [-1469949828] C:\Windows\TEMP\\jucheck.exe ()
    O4 - HKU\S-1-5-18..\Run: [KB17468.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB17468.exe" File not found
    O4 - HKU\S-1-5-18..\Run: [lpc] C:\Users\Lucas\AppData\Roaming\Remote\zaagg.dll (Secunia)
    O4 - HKU\S-1-5-18..\Run: [MicrosoftUpdateNotifier] C:\ProgramData\MicrosoftUpdateNotifier.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [Piriform Update] C:\Windows\System32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [SampleView Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempupdt32.dll ",DllRegisterServer File not found
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [{7AC291FB-9438-EC3A-047B-FA3187DD16B1}] C:\Users\Lucas\AppData\Roaming\Egyff\munue.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [258.exe] C:\Windows\Temp\258.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Battle.net Update] C:\Users\Lucas\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll (Andrea Electronics Corporation)
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [ImageUpdate] \Image Converter Plus\ImageUpdate\Imageupdt32.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [JavaProfilePolicy] C:\ProgramData\JavaProfilePolicy.dll ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Lazy Update] C:\Users\Lucas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [winupd] C:\Windows\Temp\winupd.exe ()
    O4 - Startup: C:\Users\Administrator\AppData [2011/10/15 10:38:40 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Administrator\Application Data [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Contacts [2011/10/15 10:38:29 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Cookies [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Desktop [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Documents [2011/10/15 10:39:14 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Downloads [2011/10/15 10:43:18 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Favorites [2011/10/15 10:38:42 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Links [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Local Settings [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Music [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\My Documents [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\NetHood [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT ()
    O4 - Startup: C:\Users\Administrator\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Administrator\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Administrator\ntuser.ini ()
    O4 - Startup: C:\Users\Administrator\Pictures [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\PrintHood [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Recent [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Saved Games [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Searches [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\SendTo [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Start Menu [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Templates [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Videos [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\All Users\543024106 ()
    O4 - Startup: C:\Users\All Users\7f2adw3360bh8j3738lxdne7dlx6740362356 ()
    O4 - Startup: C:\Users\All Users\885FAEECA2.sys ()
    O4 - Startup: C:\Users\All Users\Adobe [2011/02/01 18:24:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\AirportMania [2008/10/30 19:12:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Alawar Entertainment [2010/03/11 14:22:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Alawar Stargaze [2010/03/03 12:43:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\AlawarSouthpoint [2011/05/28 23:53:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\AlawarWrapper [2011/02/02 16:43:35 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Alex Gordon [2008/11/10 17:43:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple [2009/04/07 17:24:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple Computer [2009/05/09 18:27:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Application Data [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Arcade Lab [2008/04/17 21:29:04 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ArcSoft [2011/07/30 14:09:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Artist Colony [2009/08/11 16:03:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ATI [2007/11/23 18:42:43 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\auov.exe ()
    O4 - Startup: C:\Users\All Users\AVS4YOU [2009/04/10 16:51:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Awem [2010/12/03 23:53:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\BIAS [2008/02/03 10:26:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Big Finish [2011/06/24 20:50:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Big Splash Games [2010/09/13 11:43:08 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\BioWare [2011/02/21 21:06:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\bitraider [2011/10/03 19:26:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Blizzard Entertainment [2011/03/09 15:30:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Buried In Time [2010/06/27 18:10:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CanonBJ [2008/05/17 17:14:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Colibri Games [2011/05/28 21:42:53 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CyberLink [2008/03/02 21:35:14 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2009/12/29 17:03:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f ()
    O4 - Startup: C:\Users\All Users\Deep Shadows [2011/06/11 11:51:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\deow1vg58852bdtc3g62w37712kpxb620d03722ipd ()
    O4 - Startup: C:\Users\All Users\Desktop [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\dingogames [2010/09/28 12:33:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\DivX [2010/06/27 21:38:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Documents [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\DragonsEye Studios [2011/06/20 13:31:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Dress-up-pups [2011/05/28 22:00:51 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\DSS [2011/05/19 10:54:24 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Dying for Daylight [2011/03/22 21:53:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\EA Core [2011/09/15 23:15:22 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Electronic Arts [2011/09/15 23:15:22 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Enkord [2010/09/13 11:43:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Escape From Paradise [2008/03/31 08:50:20 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FarmFrenzy2 [2008/10/26 23:27:16 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FarmFrenzy_Rome [2011/02/15 01:45:35 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Favorites [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Fenomen Games [2010/04/11 10:22:58 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Firefly Studios [2010/07/23 09:36:18 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FLEXnet [2008/12/01 18:29:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Free Ride Games [2010/10/04 22:54:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FreshGames [2008/10/20 23:05:59 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FrontLine Registry Cleaner [2010/08/01 14:28:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Fugazo [2011/03/26 00:44:30 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Funny Bear Studio [2010/09/13 11:44:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GameHouse [2009/12/10 20:16:50 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GameMill [2010/02/19 20:09:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GAMEON [2010/02/19 01:13:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GamePlastic [2010/07/08 14:32:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Gamers Digital [2010/09/30 11:45:30 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Geek Squad [2008/03/08 14:09:45 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GOA [2009/11/08 12:26:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Gogii Games [2008/12/11 11:37:32 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Google [2009/08/16 18:27:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Green Clover Games [2011/01/15 12:16:13 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\gwcl.exe ()
    O4 - Startup: C:\Users\All Users\HitPoint Studios [2010/07/15 13:30:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\InstallShield [2008/02/03 01:01:41 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Intenium [2010/03/03 13:25:51 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\iWin [2010/09/26 00:12:54 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\iWin Games [2008/08/30 22:20:20 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\iWinG [2010/09/25 20:59:59 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\JavaProfilePolicy.dll ()
    O4 - Startup: C:\Users\All Users\jnmk.exe ()
    O4 - Startup: C:\Users\All Users\JollyBear [2010/02/22 12:13:46 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\KGyGaAvL.sys ()
    O4 - Startup: C:\Users\All Users\KingsIsle Entertainment [2009/02/01 11:14:13 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Kodak [2010/10/30 13:46:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ktpu.exe ()
    O4 - Startup: C:\Users\All Users\Lionhead Studios [2008/07/14 13:57:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\LogiShrd [2009/03/28 14:40:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Macromedia [2010/07/01 00:21:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Malwarebytes [2009/06/28 17:59:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\McAfee [2009/11/23 13:55:13 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Media Center Programs [2011/10/09 13:44:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Meridian93 [2009/07/23 00:23:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Merscom [2010/06/22 13:50:21 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Microsoft [2011/05/11 16:19:06 | 000,000,000 | --SD | M]
    O4 - Startup: C:\Users\All Users\Microsoft Games [2010/04/06 17:23:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Microsoft Help [2011/09/15 03:10:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\MicrosoftUpdateNotifier.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\All Users\mqjg.exe ()
    O4 - Startup: C:\Users\All Users\MumboJumbo [2011/05/04 21:27:27 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\MythPeople [2010/09/22 12:35:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Namco [2009/05/15 15:25:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Napster [2007/11/23 17:34:22 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NatGeoGames [2011/04/04 14:57:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NetZero [2008/02/02 20:17:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Nevosoft-Breeze [2011/02/02 02:25:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Norton [2010/10/03 10:27:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NOS [2011/02/17 18:56:17 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\oynbse56n1myh ()
    O4 - Startup: C:\Users\All Users\Particles [2010/05/06 13:14:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\pb34h3q1wypq8y6bh452 ()
    O4 - Startup: C:\Users\All Users\PC Drivers HeadQuarters [2011/04/01 19:25:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PC Tools [2011/09/02 01:34:07 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Pinnacle [2008/02/03 00:02:54 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Pinnacle Studio [2008/02/03 00:03:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PlayFirst [2011/04/25 15:34:30 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Playrix Entertainment [2011/06/27 19:44:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PMB Files [2011/10/05 17:02:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PopCap Games [2011/05/29 11:02:50 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Prism Deploy [2006/06/11 17:01:15 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\QB9 S.R.L [2008/11/04 21:34:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Rare Treasures - Dinnerware Trading Company [2010/09/30 11:28:56 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Real [2010/04/10 21:40:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Reflexive [2009/02/22 14:59:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Rumbic Studio [2010/10/20 14:48:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sandlot Games [2008/10/23 19:24:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\SimCity Societies [2010/05/11 17:17:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Solidshield [2011/02/27 11:14:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\SpinTop [2009/07/23 10:23:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sprouts Adventure [2009/06/15 22:55:04 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Spyware Terminator [2011/09/02 00:40:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Stardock [2008/10/31 16:07:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Start Menu [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Sun [2010/02/05 21:04:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sungift Games [2010/12/23 15:34:15 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Symantec [2009/01/27 10:41:43 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\SZ [2010/02/05 00:04:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TeleportGamesLtd [2010/06/22 13:50:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TEMP [2011/10/03 15:40:01 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Templates [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\The Inquisitor [2010/04/19 10:21:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TikGames [2009/05/03 22:13:16 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Try2 [2010/02/06 13:36:08 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Trymedia [2008/03/08 20:37:45 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Ubisoft [2011/03/26 18:28:21 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\UClick [2009/09/06 12:08:43 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\udijmpoz [2009/06/26 14:10:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ValuSoft [2010/02/21 13:53:48 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\vhca.exe ()
    O4 - Startup: C:\Users\All Users\WeCareReminder [2011/08/14 22:21:48 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\WildTangent [2010/09/25 21:11:50 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\WindowsSearch [2010/01/05 12:47:18 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Yahoo! [2009/08/26 00:15:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\yxytcfon [2009/09/07 00:45:20 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007/11/23 17:28:58 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\AppData [2006/11/02 04:18:34 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Default\Application Data [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Cookies [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Desktop [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Documents [2008/02/02 20:02:43 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Downloads [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Favorites [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Links [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Local Settings [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Music [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\My Documents [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NetHood [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
    O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Default\Pictures [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\PrintHood [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Recent [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 03:23:35 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\SendTo [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Start Menu [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Templates [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Videos [2008/02/03 00:00:34 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\AppData [2009/02/19 21:51:29 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Lucas\Application Data [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Contacts [2008/12/03 20:22:50 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Cookies [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Desktop [2011/10/15 13:56:18 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Documents [2011/10/13 23:28:40 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Downloads [2011/10/15 13:56:18 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Favorites [2011/03/16 12:04:12 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\jagex_runescape_preferences.dat ()
    O4 - Startup: C:\Users\Lucas\jagex_runescape_preferences2.dat ()
    O4 - Startup: C:\Users\Lucas\jagex__preferences3.dat ()
    O4 - Startup: C:\Users\Lucas\Links [2008/05/26 18:13:17 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Local Settings [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Music [2010/11/12 23:31:57 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\My Documents [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\NetHood [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\ntuser.dat ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Lucas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Lucas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat{f3b5b8d5-dfc3-11e0-8430-8413776a0c6c}.TM.blf ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat{f3b5b8d5-dfc3-11e0-8430-8413776a0c6c}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat{f3b5b8d5-dfc3-11e0-8430-8413776a0c6c}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\ntuser.ini ()
    O4 - Startup: C:\Users\Lucas\Pictures [2010/12/29 13:51:44 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\PM2.CNF.txt ()
    O4 - Startup: C:\Users\Lucas\PrintHood [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Program Files [2008/08/26 15:03:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Recent [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\RenPy [2011/07/25 23:04:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Saved Games [2011/05/19 13:22:13 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Searches [2008/05/26 18:13:16 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\SendTo [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Start Menu [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Templates [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Tracing [2011/01/30 23:59:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Videos [2011/03/22 18:52:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\CyberLink [2008/03/02 21:35:14 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Desktop [2011/10/10 15:11:52 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Documents [2011/10/03 16:53:12 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Downloads [2009/04/01 02:30:34 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Favorites [2006/11/02 03:23:35 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Music [2006/11/02 05:50:50 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\My Documents [2008/02/03 00:00:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Pictures [2006/11/02 05:50:50 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Recorded TV [2011/01/03 03:01:00 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Sony Online Entertainment [2011/01/23 19:31:51 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Videos [2008/02/03 17:34:38 | 000,000,000 | R--D | M]
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} http://aolsvc.aol.com/onlinegames/free-trial-pet-shop-hop/petshophopweb.1.0.0.16.cab (CPlayFirstPetShopHopControl Object)
    O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE254B5B-9AA5-4CF8-B9D6-3638BF47FB5C}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW2_Standard.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW2_Standard.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/03 00:00:01 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 02:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{0871eb4e-1b11-11e0-bec5-8c432f45a013}\Shell - " " = AutoRun
    O33 - MountPoints2\{0871eb4e-1b11-11e0-bec5-8c432f45a013}\Shell\AutoRun\command - " " = J:\autorun.exe -auto
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Users\Lucas\AppData\Local\vug.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Users\Lucas\AppData\Local\vug.exe" -a "%1" %*
     
  5. 2011/10/15
    thunderclan Inactive Thread Starter

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5662
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59919

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lucas\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/15 10:40:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:21:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/15 10:40:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/27 15:21:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lucas\Program Files\DNA [2010/09/01 10:19:44 | 000,000,000 | ---D | M]

    [2011/08/03 15:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/05 17:48:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/05/05 17:47:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2011/02/26 01:10:55 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml

    Hosts file not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Shop to Win 6) - {27376903-C3DA-492B-9622-E4AB4DEBBE54} - C:\Program Files\Shop to Win 6\Shop to Win 6.dll (Shop To Win, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [258.exe] C:\Program Files\Internet Explorer\E713\258.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
    O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
    O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
    O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [-1469949828] C:\Windows\TEMP\\jucheck.exe ()
    O4 - HKU\.DEFAULT..\Run: [KB17468.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB17468.exe" File not found
    O4 - HKU\.DEFAULT..\Run: [lpc] C:\Users\Lucas\AppData\Roaming\Remote\zaagg.dll (Secunia)
    O4 - HKU\.DEFAULT..\Run: [MicrosoftUpdateNotifier] C:\ProgramData\MicrosoftUpdateNotifier.dll (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [Piriform Update] C:\Windows\System32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [SampleView Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempupdt32.dll ",DllRegisterServer File not found
    O4 - HKU\S-1-5-18..\Run: [-1469949828] C:\Windows\TEMP\\jucheck.exe ()
    O4 - HKU\S-1-5-18..\Run: [KB17468.exe] "C:\Windows\system32\config\systemprofile\AppData\Roaming\KB17468.exe" File not found
    O4 - HKU\S-1-5-18..\Run: [lpc] C:\Users\Lucas\AppData\Roaming\Remote\zaagg.dll (Secunia)
    O4 - HKU\S-1-5-18..\Run: [MicrosoftUpdateNotifier] C:\ProgramData\MicrosoftUpdateNotifier.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [Piriform Update] C:\Windows\System32\config\systemprofile\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [SampleView Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Temp\TempUpdate\Tempupdt32.dll ",DllRegisterServer File not found
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [{7AC291FB-9438-EC3A-047B-FA3187DD16B1}] C:\Users\Lucas\AppData\Roaming\Egyff\munue.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [258.exe] C:\Windows\Temp\258.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Battle.net Update] C:\Users\Lucas\AppData\Local\Adobe\AdobeUpdate\Adobeupdt32.dll (Andrea Electronics Corporation)
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [ImageUpdate] \Image Converter Plus\ImageUpdate\Imageupdt32.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [JavaProfilePolicy] C:\ProgramData\JavaProfilePolicy.dll ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Lazy Update] C:\Users\Lucas\AppData\Local\Apple\AppleUpdate\Appleupdt32.dll ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000..\Run: [winupd] C:\Windows\Temp\winupd.exe ()
    O4 - Startup: C:\Users\Administrator\AppData [2011/10/15 10:38:40 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Administrator\Application Data [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Contacts [2011/10/15 10:38:29 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Cookies [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Desktop [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Documents [2011/10/15 10:39:14 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Downloads [2011/10/15 10:43:18 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Favorites [2011/10/15 10:38:42 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Links [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Local Settings [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Music [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\My Documents [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\NetHood [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT ()
    O4 - Startup: C:\Users\Administrator\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Administrator\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Administrator\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Administrator\ntuser.ini ()
    O4 - Startup: C:\Users\Administrator\Pictures [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\PrintHood [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Recent [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Saved Games [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\Searches [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Administrator\SendTo [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Start Menu [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Templates [2011/10/15 10:38:21 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Administrator\Videos [2011/10/15 10:38:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\All Users\543024106 ()
    O4 - Startup: C:\Users\All Users\7f2adw3360bh8j3738lxdne7dlx6740362356 ()
    O4 - Startup: C:\Users\All Users\885FAEECA2.sys ()
    O4 - Startup: C:\Users\All Users\Adobe [2011/02/01 18:24:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\AirportMania [2008/10/30 19:12:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Alawar Entertainment [2010/03/11 14:22:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Alawar Stargaze [2010/03/03 12:43:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\AlawarSouthpoint [2011/05/28 23:53:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\AlawarWrapper [2011/02/02 16:43:35 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Alex Gordon [2008/11/10 17:43:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple [2009/04/07 17:24:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Apple Computer [2009/05/09 18:27:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Application Data [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Arcade Lab [2008/04/17 21:29:04 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ArcSoft [2011/07/30 14:09:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Artist Colony [2009/08/11 16:03:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ATI [2007/11/23 18:42:43 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\auov.exe ()
    O4 - Startup: C:\Users\All Users\AVS4YOU [2009/04/10 16:51:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Awem [2010/12/03 23:53:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\BIAS [2008/02/03 10:26:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Big Finish [2011/06/24 20:50:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Big Splash Games [2010/09/13 11:43:08 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\BioWare [2011/02/21 21:06:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\bitraider [2011/10/03 19:26:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Blizzard Entertainment [2011/03/09 15:30:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Buried In Time [2010/06/27 18:10:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CanonBJ [2008/05/17 17:14:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Colibri Games [2011/05/28 21:42:53 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\CyberLink [2008/03/02 21:35:14 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2009/12/29 17:03:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f ()
    O4 - Startup: C:\Users\All Users\Deep Shadows [2011/06/11 11:51:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\deow1vg58852bdtc3g62w37712kpxb620d03722ipd ()
    O4 - Startup: C:\Users\All Users\Desktop [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\dingogames [2010/09/28 12:33:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\DivX [2010/06/27 21:38:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Documents [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\DragonsEye Studios [2011/06/20 13:31:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Dress-up-pups [2011/05/28 22:00:51 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\DSS [2011/05/19 10:54:24 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Dying for Daylight [2011/03/22 21:53:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\EA Core [2011/09/15 23:15:22 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Electronic Arts [2011/09/15 23:15:22 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Enkord [2010/09/13 11:43:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Escape From Paradise [2008/03/31 08:50:20 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FarmFrenzy2 [2008/10/26 23:27:16 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FarmFrenzy_Rome [2011/02/15 01:45:35 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Favorites [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Fenomen Games [2010/04/11 10:22:58 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Firefly Studios [2010/07/23 09:36:18 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FLEXnet [2008/12/01 18:29:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Free Ride Games [2010/10/04 22:54:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FreshGames [2008/10/20 23:05:59 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\FrontLine Registry Cleaner [2010/08/01 14:28:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Fugazo [2011/03/26 00:44:30 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Funny Bear Studio [2010/09/13 11:44:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GameHouse [2009/12/10 20:16:50 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GameMill [2010/02/19 20:09:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GAMEON [2010/02/19 01:13:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GamePlastic [2010/07/08 14:32:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Gamers Digital [2010/09/30 11:45:30 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Geek Squad [2008/03/08 14:09:45 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\GOA [2009/11/08 12:26:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Gogii Games [2008/12/11 11:37:32 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Google [2009/08/16 18:27:11 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Green Clover Games [2011/01/15 12:16:13 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\gwcl.exe ()
    O4 - Startup: C:\Users\All Users\HitPoint Studios [2010/07/15 13:30:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\InstallShield [2008/02/03 01:01:41 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Intenium [2010/03/03 13:25:51 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\iWin [2010/09/26 00:12:54 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\iWin Games [2008/08/30 22:20:20 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\iWinG [2010/09/25 20:59:59 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\JavaProfilePolicy.dll ()
    O4 - Startup: C:\Users\All Users\jnmk.exe ()
    O4 - Startup: C:\Users\All Users\JollyBear [2010/02/22 12:13:46 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\KGyGaAvL.sys ()
    O4 - Startup: C:\Users\All Users\KingsIsle Entertainment [2009/02/01 11:14:13 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Kodak [2010/10/30 13:46:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ktpu.exe ()
    O4 - Startup: C:\Users\All Users\Lionhead Studios [2008/07/14 13:57:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\LogiShrd [2009/03/28 14:40:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Macromedia [2010/07/01 00:21:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Malwarebytes [2009/06/28 17:59:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\McAfee [2009/11/23 13:55:13 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Media Center Programs [2011/10/09 13:44:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Meridian93 [2009/07/23 00:23:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Merscom [2010/06/22 13:50:21 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Microsoft [2011/05/11 16:19:06 | 000,000,000 | --SD | M]
    O4 - Startup: C:\Users\All Users\Microsoft Games [2010/04/06 17:23:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Microsoft Help [2011/09/15 03:10:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\MicrosoftUpdateNotifier.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\All Users\mqjg.exe ()
    O4 - Startup: C:\Users\All Users\MumboJumbo [2011/05/04 21:27:27 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\MythPeople [2010/09/22 12:35:42 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Namco [2009/05/15 15:25:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Napster [2007/11/23 17:34:22 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NatGeoGames [2011/04/04 14:57:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NetZero [2008/02/02 20:17:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Nevosoft-Breeze [2011/02/02 02:25:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Norton [2010/10/03 10:27:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\NOS [2011/02/17 18:56:17 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\oynbse56n1myh ()
    O4 - Startup: C:\Users\All Users\Particles [2010/05/06 13:14:28 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\pb34h3q1wypq8y6bh452 ()
    O4 - Startup: C:\Users\All Users\PC Drivers HeadQuarters [2011/04/01 19:25:49 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PC Tools [2011/09/02 01:34:07 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Pinnacle [2008/02/03 00:02:54 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Pinnacle Studio [2008/02/03 00:03:03 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PlayFirst [2011/04/25 15:34:30 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Playrix Entertainment [2011/06/27 19:44:19 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PMB Files [2011/10/05 17:02:31 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\PopCap Games [2011/05/29 11:02:50 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Prism Deploy [2006/06/11 17:01:15 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\QB9 S.R.L [2008/11/04 21:34:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Rare Treasures - Dinnerware Trading Company [2010/09/30 11:28:56 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Real [2010/04/10 21:40:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Reflexive [2009/02/22 14:59:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Rumbic Studio [2010/10/20 14:48:29 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sandlot Games [2008/10/23 19:24:06 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\SimCity Societies [2010/05/11 17:17:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Solidshield [2011/02/27 11:14:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\SpinTop [2009/07/23 10:23:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sprouts Adventure [2009/06/15 22:55:04 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Spyware Terminator [2011/09/02 00:40:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Stardock [2008/10/31 16:07:24 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Start Menu [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\Sun [2010/02/05 21:04:52 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Sungift Games [2010/12/23 15:34:15 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Symantec [2009/01/27 10:41:43 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\SZ [2010/02/05 00:04:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TeleportGamesLtd [2010/06/22 13:50:05 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TEMP [2011/10/03 15:40:01 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Templates [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\All Users\The Inquisitor [2010/04/19 10:21:26 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\TikGames [2009/05/03 22:13:16 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Try2 [2010/02/06 13:36:08 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Trymedia [2008/03/08 20:37:45 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Ubisoft [2011/03/26 18:28:21 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\UClick [2009/09/06 12:08:43 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\udijmpoz [2009/06/26 14:10:25 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\ValuSoft [2010/02/21 13:53:48 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\vhca.exe ()
    O4 - Startup: C:\Users\All Users\WeCareReminder [2011/08/14 22:21:48 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\WildTangent [2010/09/25 21:11:50 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\WindowsSearch [2010/01/05 12:47:18 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\Yahoo! [2009/08/26 00:15:38 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\yxytcfon [2009/09/07 00:45:20 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007/11/23 17:28:58 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\AppData [2006/11/02 04:18:34 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Default\Application Data [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Cookies [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Desktop [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Documents [2008/02/02 20:02:43 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Downloads [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Favorites [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Links [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\Local Settings [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Music [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\My Documents [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NetHood [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\NTUSER.DAT ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
    O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Default\Pictures [2006/11/02 03:23:35 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Default\PrintHood [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Recent [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 03:23:35 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Default\SendTo [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Start Menu [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Templates [2008/02/02 20:02:43 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Default\Videos [2008/02/03 00:00:34 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\AppData [2009/02/19 21:51:29 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Users\Lucas\Application Data [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Contacts [2008/12/03 20:22:50 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Cookies [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Desktop [2011/10/15 13:56:18 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Documents [2011/10/13 23:28:40 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Downloads [2011/10/15 13:56:18 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Favorites [2011/03/16 12:04:12 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\jagex_runescape_preferences.dat ()
    O4 - Startup: C:\Users\Lucas\jagex_runescape_preferences2.dat ()
    O4 - Startup: C:\Users\Lucas\jagex__preferences3.dat ()
    O4 - Startup: C:\Users\Lucas\Links [2008/05/26 18:13:17 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Local Settings [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Music [2010/11/12 23:31:57 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\My Documents [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\NetHood [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\ntuser.dat ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat.LOG1 ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat.LOG2 ()
    O4 - Startup: C:\Users\Lucas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf ()
    O4 - Startup: C:\Users\Lucas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat{f3b5b8d5-dfc3-11e0-8430-8413776a0c6c}.TM.blf ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat{f3b5b8d5-dfc3-11e0-8430-8413776a0c6c}.TMContainer00000000000000000001.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\ntuser.dat{f3b5b8d5-dfc3-11e0-8430-8413776a0c6c}.TMContainer00000000000000000002.regtrans-ms ()
    O4 - Startup: C:\Users\Lucas\ntuser.ini ()
    O4 - Startup: C:\Users\Lucas\Pictures [2010/12/29 13:51:44 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\PM2.CNF.txt ()
    O4 - Startup: C:\Users\Lucas\PrintHood [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Program Files [2008/08/26 15:03:36 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Recent [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\RenPy [2011/07/25 23:04:33 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Saved Games [2011/05/19 13:22:13 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\Searches [2008/05/26 18:13:16 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Lucas\SendTo [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Start Menu [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Templates [2008/02/02 20:06:44 | 000,000,000 | -HSD | M]
    O4 - Startup: C:\Users\Lucas\Tracing [2011/01/30 23:59:47 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Lucas\Videos [2011/03/22 18:52:40 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\CyberLink [2008/03/02 21:35:14 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Desktop [2011/10/10 15:11:52 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Documents [2011/10/03 16:53:12 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Downloads [2009/04/01 02:30:34 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Favorites [2006/11/02 03:23:35 | 000,000,000 | RH-D | M]
    O4 - Startup: C:\Users\Public\Music [2006/11/02 05:50:50 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\My Documents [2008/02/03 00:00:34 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Pictures [2006/11/02 05:50:50 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Recorded TV [2011/01/03 03:01:00 | 000,000,000 | R--D | M]
    O4 - Startup: C:\Users\Public\Sony Online Entertainment [2011/01/23 19:31:51 | 000,000,000 | ---D | M]
    O4 - Startup: C:\Users\Public\Videos [2008/02/03 17:34:38 | 000,000,000 | R--D | M]
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3010283643-4083402107-944152190-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab (SysInfo Class)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} http://aolsvc.aol.com/onlinegames/free-trial-pet-shop-hop/petshophopweb.1.0.0.16.cab (CPlayFirstPetShopHopControl Object)
    O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab (Java Plug-in 1.5.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20Case%20Files%20-%20Ravenhearst/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE254B5B-9AA5-4CF8-B9D6-3638BF47FB5C}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW2_Standard.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW2_Standard.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/03 00:00:01 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 02:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{0871eb4e-1b11-11e0-bec5-8c432f45a013}\Shell - " " = AutoRun
    O33 - MountPoints2\{0871eb4e-1b11-11e0-bec5-8c432f45a013}\Shell\AutoRun\command - " " = J:\autorun.exe -auto
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Users\Lucas\AppData\Local\vug.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Users\Lucas\AppData\Local\vug.exe" -a "%1" %*
     
  6. 2011/10/15
    thunderclan Inactive Thread Starter

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/15 10:42:48 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
    [2011/10/12 13:39:32 | 000,000,000 | ---D | C] -- C:\44EB6
    [2011/10/12 13:39:32 | 000,000,000 | ---D | C] -- \44EB6
    [2011/10/11 21:19:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/11 21:19:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/11 21:19:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/11 21:18:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/11 20:32:38 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\MicrosoftUpdateNotifier.dll
    [2011/10/11 20:13:12 | 000,000,000 | ---D | C] -- C:\Windows\367780982
    [2011/10/10 15:11:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/10/10 15:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/10 15:11:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/10/10 15:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/10 14:08:36 | 000,000,000 | ---D | C] -- C:\39344
    [2011/10/10 14:08:36 | 000,000,000 | ---D | C] -- \39344
    [2011/10/09 13:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
    [2011/10/08 20:36:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\1066
    [2011/10/05 17:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
    [2011/10/03 16:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\bitraider
    [2011/10/03 16:53:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
    [2011/09/30 18:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Hellas 3 Athens
    [2011/09/26 23:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade
    [2011/09/23 09:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mount&Blade Warband
    [2011/09/19 12:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\FishBone Games
    [2011/09/15 23:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
    [2009/02/21 17:25:19 | 000,098,304 | ---- | C] ( ) -- C:\Windows\System32\mqapi.exe
    [2007/06/07 01:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
    [2007/06/07 01:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
    [2007/06/07 01:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
    [2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
    [2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
    [2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
    [2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
    [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
    [2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
    [2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
    [2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
    [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
    [2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
    [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [19 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/15 14:35:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/15 13:07:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/15 13:07:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/15 12:32:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/15 09:07:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/14 17:19:10 | 000,644,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/14 17:19:10 | 000,120,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/14 17:12:26 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/13 23:13:33 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
    [2011/10/13 21:37:12 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{141C37F0-0A5E-467E-86CC-4B5A2FF87D3A}.job
    [2011/10/13 19:12:58 | 000,140,288 | ---- | M] () -- C:\ProgramData\JavaProfilePolicy.dll
    [2011/10/11 20:32:45 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2011/10/10 15:11:52 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/08 20:36:07 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/10/03 20:00:12 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Lucas.job
    [2011/09/30 18:29:42 | 001,651,595 | ---- | M] () -- C:\Windows\Heroes of Hellas 3 Athens Uninstaller.exe
    [2011/09/29 03:24:48 | 000,431,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/09/29 03:07:38 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2011/09/18 02:59:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [19 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/13 19:12:58 | 000,140,288 | ---- | C] () -- C:\ProgramData\JavaProfilePolicy.dll
    [2011/10/12 13:22:16 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
    [2011/10/12 13:22:16 | 3219,644,416 | -HS- | C] () -- \hiberfil.sys
    [2011/10/11 21:19:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/11 21:19:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/11 21:19:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/11 21:19:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/11 21:19:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/10 15:11:52 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/30 18:29:41 | 001,651,595 | ---- | C] () -- C:\Windows\Heroes of Hellas 3 Athens Uninstaller.exe
    [2011/08/02 19:25:56 | 000,005,152 | -HS- | C] () -- C:\ProgramData\oynbse56n1myh
    [2011/08/02 19:25:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\vhca.exe
    [2011/08/02 19:25:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\mqjg.exe
    [2011/08/02 19:25:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\jnmk.exe
    [2011/07/29 21:16:05 | 000,005,606 | -HS- | C] () -- C:\ProgramData\pb34h3q1wypq8y6bh452
    [2011/07/29 21:16:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\ktpu.exe
    [2011/07/29 21:16:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\gwcl.exe
    [2011/07/29 21:16:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\auov.exe
    [2011/07/28 20:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/07/26 11:44:06 | 000,011,350 | -HS- | C] () -- C:\ProgramData\7f2adw3360bh8j3738lxdne7dlx6740362356
    [2011/06/27 18:53:04 | 000,234,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/06/13 00:25:05 | 000,011,168 | -HS- | C] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
    [2011/05/11 16:24:18 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/04/18 15:05:36 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
    [2011/04/18 15:05:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
    [2011/04/17 13:27:33 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2011/04/06 15:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2011/04/01 21:56:11 | 000,009,804 | -HS- | C] () -- C:\ProgramData\543024106
    [2011/04/01 21:45:25 | 000,009,796 | -HS- | C] () -- C:\ProgramData\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
    [2011/04/01 11:58:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/03/05 01:47:32 | 001,526,689 | ---- | C] () -- C:\Windows\The Timebuilders - Pyramid Rising Uninstaller.exe
    [2011/03/02 15:04:51 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
    [2010/11/21 17:18:39 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
    [2010/10/24 18:36:52 | 000,974,848 | R--- | C] () -- C:\Windows\System32\vorbis.dll
    [2010/10/24 18:36:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\ogg.dll
    [2010/10/24 18:36:52 | 000,028,672 | R--- | C] () -- C:\Windows\System32\vorbisfile.dll
    [2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/10/08 21:25:17 | 000,057,344 | ---- | C] () -- C:\Windows\rzrunins.exe
    [2010/08/29 01:21:12 | 000,000,362 | -H-- | C] () -- \IPH.PH
    [2010/08/03 14:38:19 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
    [2010/07/04 16:52:39 | 000,000,005 | ---- | C] () -- C:\Windows\treeskp.sys
    [2010/07/04 16:52:39 | 000,000,005 | ---- | C] () -- C:\Windows\sbacknt.bin
    [2010/06/20 14:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\Patapon 2.ini
    [2010/04/14 23:23:43 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
    [2010/04/10 21:51:25 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/04/10 21:51:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/04/10 21:51:21 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/01/10 13:19:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2009/11/30 22:07:45 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/11/30 22:07:28 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2009/11/30 22:07:18 | 002,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
    [2009/11/30 22:07:18 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2009/11/24 23:16:53 | 000,000,292 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
    [2009/08/13 22:25:16 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2009/08/13 22:25:16 | 000,000,088 | RHS- | C] () -- C:\ProgramData\885FAEECA2.sys
    [2009/08/08 14:54:00 | 000,000,204 | ---- | C] () -- \Plugins
    [2009/06/27 20:32:45 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2009/04/10 17:29:58 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2009/02/18 02:34:54 | 000,141,312 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
    [2009/01/15 17:12:58 | 000,000,004 | ---- | C] () -- C:\Windows\msadlx.ini
    [2009/01/15 15:58:44 | 000,643,072 | ---- | C] () -- C:\Windows\System32\CohUpdater_UI_Win.dll
    [2008/12/30 02:12:58 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/12/30 02:12:58 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/12/30 02:12:55 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SeaarchFilterHost.exe
    [2008/12/27 22:21:41 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2008/12/01 19:30:55 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
    [2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/10/30 18:56:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2008/10/17 13:53:35 | 000,000,295 | ---- | C] () -- C:\Windows\EReg072.dat
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/08/15 09:12:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/06/30 12:21:04 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2008/06/29 16:33:23 | 000,000,484 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2008/06/29 16:33:13 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
    [2008/06/29 16:33:13 | 000,000,000 | RHS- | C] () -- \IO.SYS
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/05/27 17:58:23 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
    [2008/05/19 19:25:14 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
    [2008/05/19 19:25:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
    [2008/05/17 22:24:24 | 000,000,528 | R--- | C] () -- \MediaID.bin
    [2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2008/02/18 14:50:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/02/03 20:46:19 | 000,000,032 | ---- | C] () -- C:\Windows\AuthMgr.INI
    [2008/02/03 00:50:34 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
    [2008/02/03 00:00:00 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
    [2008/02/03 00:00:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
    [2008/02/03 00:00:00 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
    [2008/02/03 00:00:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
    [2008/02/03 00:00:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
    [2007/12/01 00:57:12 | 000,279,088 | ---- | C] () -- C:\Windows\System32\drivers\srtsp.sys
    [2007/11/23 17:38:35 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2007/11/23 17:04:15 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
    [2007/11/23 17:04:15 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
    [2007/11/23 17:04:15 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
    [2007/11/23 17:04:15 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
    [2007/11/07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI
    [2007/11/07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab
    [2007/11/07 08:03:18 | 000,562,688 | ---- | C] () -- \install.exe
    [2007/11/07 08:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll
    [2007/11/07 08:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll
    [2007/11/07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp
    [2007/11/07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini
    [2007/05/14 23:12:47 | 000,684,544 | ---- | C] () -- C:\Windows\System32\RGSS103J.dll
    [2007/02/19 07:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
    [2007/02/19 07:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
    [2007/02/19 07:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
    [2007/02/19 07:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
    [2007/02/19 07:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
    [2007/02/19 07:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
    [2007/02/19 07:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
    [2007/02/19 07:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
    [2007/02/07 17:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
    [2007/01/22 03:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
    [2006/12/07 12:24:36 | 000,241,664 | ---- | C] () -- \EMicon.dll
    [2006/11/22 15:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
    [2006/11/21 11:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
    [2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:47:37 | 000,431,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:33:01 | 000,644,530 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 03:33:01 | 000,120,238 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:23:09 | 000,000,121 | ---- | C] () -- \AUTOEXEC.BAT
    [2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/01 23:25:08 | 000,000,010 | ---- | C] () -- \config.sys
    [2006/06/11 17:36:06 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
    [2006/06/11 17:36:03 | 000,333,203 | RHS- | C] () -- \bootmgr
    [2006/06/11 17:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
    [2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
    [2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
    [2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
    [2005/08/18 10:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
    [2005/05/25 10:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll
    [2004/07/22 10:51:34 | 003,432,656 | ---- | C] () -- \ManagedDX.CAB
    [2004/07/19 22:58:36 | 001,156,363 | ---- | C] () -- \BDANT.cab
    [2004/07/19 22:53:26 | 000,976,020 | ---- | C] () -- \BDAXP.cab
    [2004/07/09 14:17:16 | 013,265,040 | ---- | C] () -- \dxnt.cab
    [2004/07/09 09:13:48 | 015,493,481 | ---- | C] () -- \DirectX.cab
    [2004/07/09 09:13:46 | 000,703,080 | ---- | C] () -- \BDA.cab
    [2004/07/09 04:08:36 | 000,472,576 | ---- | C] () -- \dxsetup.exe
    [2004/07/09 04:08:34 | 002,242,560 | ---- | C] () -- \dsetup32.dll
    [2004/07/09 03:03:10 | 000,062,976 | ---- | C] () -- \DSETUP.dll
    [2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\Windows\System32\zlib.dll
    [1995/03/21 17:00:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\IYVU9_32.DLL

    ========== LOP Check ==========

    [2011/10/15 10:38:40 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\Application Data
    [2011/10/15 10:38:29 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Contacts
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\Cookies
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Desktop
    [2011/10/15 10:39:14 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Documents
    [2011/10/15 10:43:18 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Downloads
    [2011/10/15 10:38:42 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Favorites
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Links
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\Local Settings
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Music
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\My Documents
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\NetHood
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Pictures
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\PrintHood
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\Recent
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Saved Games
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Searches
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\SendTo
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\Start Menu
    [2011/10/15 10:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\Templates
    [2011/10/15 10:38:40 | 000,000,000 | R--D | M] -- C:\Users\Administrator\Videos
    [2008/10/30 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\AirportMania
    [2010/03/11 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Alawar Entertainment
    [2010/03/03 12:43:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\Alawar Stargaze
    [2011/05/28 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\AlawarSouthpoint
    [2011/02/02 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\AlawarWrapper
    [2008/11/10 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Alex Gordon
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
    [2008/04/17 21:29:04 | 000,000,000 | ---D | M] -- C:\Users\All Users\Arcade Lab
    [2009/08/11 16:03:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Artist Colony
    [2010/12/03 23:53:11 | 000,000,000 | ---D | M] -- C:\Users\All Users\Awem
    [2008/02/03 10:26:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\BIAS
    [2011/06/24 20:50:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\Big Finish
    [2010/09/13 11:43:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Big Splash Games
    [2011/02/21 21:06:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\BioWare
    [2011/10/03 19:26:11 | 000,000,000 | ---D | M] -- C:\Users\All Users\bitraider
    [2010/06/27 18:10:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Buried In Time
    [2008/05/17 17:14:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonBJ
    [2011/05/28 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\Colibri Games
    [2009/12/29 17:03:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
    [2011/06/11 11:51:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\Deep Shadows
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
    [2010/09/28 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\dingogames
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
    [2011/06/20 13:31:19 | 000,000,000 | ---D | M] -- C:\Users\All Users\DragonsEye Studios
    [2011/05/28 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Dress-up-pups
    [2011/05/19 10:54:24 | 000,000,000 | -HSD | M] -- C:\Users\All Users\DSS
    [2011/03/22 21:53:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\Dying for Daylight
    [2011/09/15 23:15:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\EA Core
    [2011/09/15 23:15:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Electronic Arts
    [2010/09/13 11:43:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Enkord
    [2008/03/31 08:50:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\Escape From Paradise
    [2008/10/26 23:27:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2
    [2011/02/15 01:45:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy_Rome
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
    [2010/04/11 10:22:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\Fenomen Games
    [2010/07/23 09:36:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\Firefly Studios
    [2010/10/04 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\Free Ride Games
    [2008/10/20 23:05:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\FreshGames
    [2010/08/01 14:28:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\FrontLine Registry Cleaner
    [2011/03/26 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\Fugazo
    [2010/09/13 11:44:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\Funny Bear Studio
    [2009/12/10 20:16:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\GameHouse
    [2010/02/19 20:09:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\GameMill
    [2010/02/19 01:13:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\GAMEON
    [2010/07/08 14:32:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\GamePlastic
    [2010/09/30 11:45:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gamers Digital
    [2008/03/08 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\All Users\Geek Squad
    [2009/11/08 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\GOA
    [2008/12/11 11:37:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Gogii Games
    [2011/01/15 12:16:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\Green Clover Games
    [2010/07/15 13:30:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitPoint Studios
    [2010/03/03 13:25:51 | 000,000,000 | ---D | M] -- C:\Users\All Users\Intenium
    [2010/09/26 00:12:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\iWin
    [2008/08/30 22:20:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\iWin Games
    [2010/09/25 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\All Users\iWinG
    [2010/02/22 12:13:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\JollyBear
    [2009/02/01 11:14:13 | 000,000,000 | ---D | M] -- C:\Users\All Users\KingsIsle Entertainment
    [2008/07/14 13:57:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Lionhead Studios
    [2009/07/23 00:23:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\Meridian93
    [2010/06/22 13:50:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\Merscom
    [2011/05/04 21:27:27 | 000,000,000 | ---D | M] -- C:\Users\All Users\MumboJumbo
    [2010/09/22 12:35:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\MythPeople
    [2009/05/15 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\Namco
    [2007/11/23 17:34:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\Napster
    [2011/04/04 14:57:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\NatGeoGames
    [2008/02/02 20:17:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\NetZero
    [2011/02/02 02:25:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nevosoft-Breeze
    [2010/05/06 13:14:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\Particles
    [2011/04/01 19:25:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC Drivers HeadQuarters
    [2008/02/03 00:02:54 | 000,000,000 | ---D | M] -- C:\Users\All Users\Pinnacle
    [2008/02/03 00:03:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\Pinnacle Studio
    [2011/04/25 15:34:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\PlayFirst
    [2011/06/27 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\All Users\Playrix Entertainment
    [2011/10/05 17:02:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\PMB Files
    [2011/05/29 11:02:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\PopCap Games
    [2008/11/04 21:34:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\QB9 S.R.L
    [2010/09/30 11:28:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\Rare Treasures - Dinnerware Trading Company
    [2009/02/22 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\Reflexive
    [2010/10/20 14:48:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\Rumbic Studio
    [2008/10/23 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sandlot Games
    [2010/05/11 17:17:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\SimCity Societies
    [2011/02/27 11:14:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\Solidshield
    [2009/07/23 10:23:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\SpinTop
    [2009/06/15 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sprouts Adventure
    [2011/09/02 00:40:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\Spyware Terminator
    [2008/10/31 16:07:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\Stardock
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
    [2010/02/05 00:04:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\SZ
    [2010/06/22 13:50:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\TeleportGamesLtd
    [2011/10/03 15:40:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
    [2010/04/19 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\All Users\The Inquisitor
    [2009/05/03 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\TikGames
    [2010/02/06 13:36:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Try2
    [2011/03/26 18:28:21 | 000,000,000 | ---D | M] -- C:\Users\All Users\Ubisoft
    [2009/09/06 12:08:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\UClick
    [2009/06/26 14:10:25 | 000,000,000 | ---D | M] -- C:\Users\All Users\udijmpoz
    [2010/02/21 13:53:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\ValuSoft
    [2011/08/14 22:21:48 | 000,000,000 | ---D | M] -- C:\Users\All Users\WeCareReminder
    [2010/09/25 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\WildTangent
    [2010/01/05 12:47:18 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
    [2009/09/07 00:45:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\yxytcfon
    [2007/11/23 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2006/11/02 04:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
    [2006/11/02 03:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
    [2008/02/02 20:02:43 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
    [2006/11/02 03:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
    [2006/11/02 03:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
    [2006/11/02 03:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
    [2006/11/02 03:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
    [2006/11/02 03:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
    [2006/11/02 03:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
    [2008/02/02 20:02:43 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
    [2008/02/03 00:00:34 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
    [2009/02/19 21:51:29 | 000,000,000 | -H-D | M] -- C:\Users\Lucas\AppData
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\Application Data
    [2008/12/03 20:22:50 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Contacts
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\Cookies
    [2011/10/15 13:56:18 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Desktop
    [2011/10/13 23:28:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\Documents
    [2011/10/15 13:56:18 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Downloads
    [2011/03/16 12:04:12 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Favorites
    [2008/05/26 18:13:17 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Links
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\Local Settings
    [2010/11/12 23:31:57 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Music
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\My Documents
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\NetHood
    [2010/12/29 13:51:44 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Pictures
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\PrintHood
    [2008/08/26 15:03:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\Program Files
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\Recent
    [2011/07/25 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\Lucas\RenPy
    [2011/05/19 13:22:13 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Saved Games
    [2008/05/26 18:13:16 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Searches
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\SendTo
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\Start Menu
    [2008/02/02 20:06:44 | 000,000,000 | -HSD | M] -- C:\Users\Lucas\Templates
    [2011/01/30 23:59:47 | 000,000,000 | ---D | M] -- C:\Users\Lucas\Tracing
    [2011/03/22 18:52:40 | 000,000,000 | R--D | M] -- C:\Users\Lucas\Videos
    [2011/10/10 15:11:52 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2011/10/03 16:53:12 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
    [2009/04/01 02:30:34 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
    [2006/11/02 03:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2006/11/02 05:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
    [2008/02/03 00:00:34 | 000,000,000 | ---D | M] -- C:\Users\Public\My Documents
    [2006/11/02 05:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
    [2011/01/03 03:01:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
    [2011/01/23 19:31:51 | 000,000,000 | ---D | M] -- C:\Users\Public\Sony Online Entertainment
    [2008/02/03 17:34:38 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
    [2011/10/08 20:36:07 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2011/09/18 02:59:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
    [2011/10/14 11:59:22 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/10/13 21:37:12 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{141C37F0-0A5E-467E-86CC-4B5A2FF87D3A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========
     
  7. 2011/10/15
    thunderclan

    < %SYSTEMDRIVE%\*.* >
    [2008/02/03 00:00:01 | 000,000,121 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/07/09 09:13:46 | 000,703,080 | ---- | M] () -- C:\BDA.cab
    [2004/07/19 22:58:36 | 001,156,363 | ---- | M] () -- C:\BDANT.cab
    [2004/07/19 22:53:26 | 000,976,020 | ---- | M] () -- C:\BDAXP.cab
    [2011/07/30 13:37:32 | 000,000,175 | ---- | M] () -- C:\BMSetup.log
    [2008/01/19 00:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2006/06/11 17:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/07/16 11:02:41 | 000,000,171 | ---- | M] () -- C:\Debug.log
    [2004/07/09 09:13:48 | 015,493,481 | ---- | M] () -- C:\DirectX.cab
    [2004/07/09 03:03:10 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
    [2004/07/09 04:08:34 | 002,242,560 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
    [2004/07/09 14:17:16 | 013,265,040 | ---- | M] () -- C:\dxnt.cab
    [2004/07/09 04:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\dxsetup.exe
    [2006/12/07 12:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
    [2009/05/09 18:53:39 | 000,000,045 | ---- | M] () -- C:\error.log
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/10/14 17:12:26 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2008/06/29 16:33:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/29 01:21:43 | 000,000,362 | -H-- | M] () -- C:\IPH.PH
    [2007/11/23 17:13:02 | 000,000,165 | ---- | M] () -- C:\labelPrint.log
    [2004/07/22 10:51:34 | 003,432,656 | ---- | M] () -- C:\ManagedDX.CAB
    [2008/05/17 22:24:24 | 000,000,528 | R--- | M] () -- C:\MediaID.bin
    [2008/06/29 16:33:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/10/14 17:12:24 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys
    [2009/08/08 14:53:58 | 000,000,204 | ---- | M] () -- C:\Plugins
    [2007/11/23 17:18:26 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2007/11/23 17:09:50 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2011/10/12 13:52:16 | 000,000,446 | ---- | M] () -- C:\rkill.log
    [2011/10/11 20:42:09 | 000,081,616 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_20.28.35_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/07/30 22:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD7W.DLL
    [2006/07/30 22:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP7W.DLL
    [2007/01/30 09:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
    [2010/09/02 15:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/02/20 17:50:28 | 000,903,680 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Patapon 2.scr
    [2006/08/15 12:20:10 | 000,106,496 | ---- | M] (Nova Development.) -- C:\Windows\UPSCR.Scr
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >
     
  8. 2011/10/15
    thunderclan

    Invalid Environment Variable: APPDATA

    < %ALLUSERSPROFILE%\Favorites\*.* >

    Invalid Environment Variable: APPDATA

    < %PROGRAMFILES%\*.* >
    [2008/12/28 11:32:23 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    Invalid Environment Variable: APPDATA

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    Invalid Environment Variable: APPDATA

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/15 13:55:57 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
    [2011/10/13 21:48:25 | 000,139,264 | ---- | M] () -- C:\Users\Lucas\Desktop\SystemLook.exe
    [1 C:\Users\Lucas\Desktop\*.tmp files -> C:\Users\Lucas\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    Invalid Environment Variable: APPDATA

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/22 19:22:57 | 000,000,402 | -HS- | M] () -- C:\Users\Lucas\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >
     
  9. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/04/01 21:56:52 | 000,009,804 | -HS- | M] () -- C:\ProgramData\543024106
    [2011/07/26 11:51:06 | 000,011,350 | -HS- | M] () -- C:\ProgramData\7f2adw3360bh8j3738lxdne7dlx6740362356
    [2009/08/13 22:25:39 | 000,000,088 | RHS- | M] () -- C:\ProgramData\885FAEECA2.sys
    [2011/07/29 21:16:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\auov.exe
    [2011/04/01 23:00:47 | 000,009,796 | -HS- | M] () -- C:\ProgramData\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
    [2011/06/13 00:31:53 | 000,011,168 | -HS- | M] () -- C:\ProgramData\deow1vg58852bdtc3g62w37712kpxb620d03722ipd
    [2011/07/29 21:16:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\gwcl.exe
    [2011/10/13 19:12:58 | 000,140,288 | ---- | M] () -- C:\ProgramData\JavaProfilePolicy.dll
    [2011/08/02 19:25:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\jnmk.exe
    [2009/08/13 22:25:39 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/07/29 21:16:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\ktpu.exe
    [2011/10/11 20:32:38 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\MicrosoftUpdateNotifier.dll
    [2011/08/02 19:25:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\mqjg.exe
    [2011/08/02 19:31:52 | 000,005,152 | -HS- | M] () -- C:\ProgramData\oynbse56n1myh
    [2011/07/29 21:22:08 | 000,005,606 | -HS- | M] () -- C:\ProgramData\pb34h3q1wypq8y6bh452
    [2011/08/02 19:25:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\vhca.exe

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Heroes of Hellas 3 Athens Uninstaller.exe
    Patapon 2.exe
    The Timebuilders - Pyramid Rising Uninstaller.exe
     
  10. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >
     
  11. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >
     
  12. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < MD5 for: SRTSP.SYS >
    [2007/12/01 00:57:12 | 000,279,088 | ---- | M] () MD5=AD0D90AB9C32C2C0B62A5611E21B5E7B -- C:\Windows\System32\drivers\srtsp.sys

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB25102$] -> -> Unknown point type

    ========== Alternate Data Streams ==========


    < End of report >
     
  13. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    There were a couple of lines that refused to be posted, kept giving me the connection reset page.

    Going to see if I can just type them in, give me a moment...
     
  14. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    Invalid Environment Variable: AppData
     
  15. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < %ProgramFiles%\Messenger\*.* >
     
  16. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < %systemroot%\system32\systhem32\*.* >
     
  17. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    < %systemroot%\system\*.exe >
     
  18. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    Two lines won't post, HKEYs, both have to do with Windows Update

    The other 4 lines go between the last two large posts
     
  19. 2011/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    First run Norton Removal Tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    =============================================================

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button, then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.
     
  20. 2011/10/15
    thunderclan

    thunderclan Inactive Thread Starter

    Joined:
    2011/10/11
    Messages:
    31
    Likes Received:
    0
    Oh...I see what I'm supposed to do, but which product do I have?
     
  21. 2011/10/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It doesn't matter.
    All links lead to the very same tool.
     