Solved Redirected to Qbyrd and Ask.com

Discussion in 'Malware and Virus Removal Archive' started by mrbiglive, 2011/01/22.

  1. 2011/01/22
    mrbiglive

    mrbiglive Inactive Thread Starter

    [Resolved] Redirected to Qbyrd and Ask.com

    Hi,

    I've recently restored my laptop to "Factory Settings" because of some malware problems. I thought it was cleaned, but today I still have the "redirecting" problem. Some of the familiar links I typed or clicked somehow got redirected to a search page by Ask.com or qbyrd.com.

    I thought the computer was clean but apparently not. Here are the requested logs.

    Mbam:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5571

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    23/1/2011 1:36:59 AM
    mbam-log-2011-01-23 (01-36-59).txt

    Scan type: Quick scan
    Objects scanned: 168767
    Time elapsed: 1 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2011/01/22
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)

    ... and the rest of the logs requested, please. Please note .....
     

  4. 2011/01/22
    mrbiglive

    mrbiglive Inactive Thread Starter

    Hi Pete, here's the rest...
    gmer: (There was nothing in the textfile. After scanning, it said it did not detect any modification on the PC)

    MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: N53Jf
    Logical Drives Mask: 0x00010014

    Kernel Drivers (total 201):

    Processes (total 106):
    0 System Idle Process
    4 System
    288 C:\Windows\System32\smss.exe
    420 csrss.exe
    516 C:\Windows\System32\wininit.exe
    536 csrss.exe
    572 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    644 C:\Windows\System32\winlogon.exe
    752 C:\Windows\System32\svchost.exe
    816 C:\Windows\System32\nvvsvc.exe
    848 C:\Windows\System32\svchost.exe
    948 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1012 C:\Windows\System32\svchost.exe
    320 C:\Windows\System32\svchost.exe
    452 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1404 C:\Windows\System32\nvvsvc.exe
    1432 C:\Windows\System32\svchost.exe
    1540 C:\Windows\System32\FBAgent.exe
    1584 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    1616 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    1692 C:\Windows\System32\spoolsv.exe
    1764 C:\Windows\System32\svchost.exe
    1884 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1924 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1976 C:\Windows\System32\svchost.exe
    2040 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    1504 C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    1140 C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    1724 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2056 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2372 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    2404 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2444 C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    2572 C:\ExpressGateUtil\VAWinService.exe
    2604 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    2952 WmiPrvSE.exe
    3024 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3124 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3444 C:\Windows\System32\svchost.exe
    3696 C:\Windows\System32\taskhost.exe
    3768 C:\Windows\System32\dwm.exe
    3792 C:\Windows\System32\taskeng.exe
    3820 C:\Windows\explorer.exe
    3992 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    4004 C:\Program Files\P4G\BatteryLife.exe
    4016 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    4032 C:\Windows\System32\taskeng.exe
    312 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    2516 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2836 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    2816 C:\Windows\System32\igfxtray.exe
    2548 C:\Windows\System32\hkcmd.exe
    1136 C:\Windows\System32\igfxpers.exe
    1040 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    3588 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    3636 C:\Program Files\Elantech\ETDCtrl.exe
    3852 C:\Program Files\Microsoft Security Client\msseces.exe
    3108 C:\Program Files\Windows Sidebar\sidebar.exe
    3908 C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    3104 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    1384 C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    3148 C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    4268 C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    4388 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    4408 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    4428 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    4464 WmiPrvSE.exe
    4472 C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    4484 C:\Program Files\Elantech\ETDCtrlHelper.exe
    4560 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    4588 C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    4596 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    4604 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    4640 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    4648 C:\ExpressGateUtil\VAWinAgent.exe
    4720 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    4748 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4764 C:\Windows\SysWOW64\ACEngSvr.exe
    4808 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    5004 C:\Windows\System32\SearchIndexer.exe
    1328 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5080 C:\Windows\System32\svchost.exe
    4776 C:\Program Files\iPod\bin\iPodService.exe
    5484 C:\Windows\AsScrPro.exe
    5564 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    5688 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    5724 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3480 C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    876 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    3352 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    1708 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    932 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4164 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    6008 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    5528 C:\Windows\SysWOW64\notepad.exe
    3016 C:\Windows\System32\audiodg.exe
    5460 C:\Windows\System32\SearchProtocolHost.exe
    5860 C:\Windows\System32\SearchFilterHost.exe
    3568 dllhost.exe
    1744 dllhost.exe
    3984 C:\Users\Kelvin\Downloads\MBRCheck.exe
    6036 C:\Windows\System32\conhost.exe
    3212 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`5f317000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    DDS:


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Kelvin at 2:24:38.79 on Sun 23/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3884.1748 [GMT 8:00]

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\ExpressGateUtil\VAWinService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\ExpressGateUtil\VAWinAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Kelvin\Downloads\MBRCheck.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kelvin\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe "
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter "
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5 "
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0 "
    mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk "
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Kelvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
    StartupFolder: C:\Users\Kelvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun-x64: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs "
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    AppInit_DLLs-X64: C:\Windows\System32\nvinitx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=15000&q=
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    FF - component: C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
    FF - component: C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: afurladvisor: afurladvisor@anchorfree.com - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    FF - Ext: Siphon - Sync Add-ons: siphon@siphon.ian-halpern.com - %profile%\extensions\siphon@siphon.ian-halpern.com
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk

    ============= SERVICES / DRIVERS ===============

    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-8-16 24680]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/06 19:44:02];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-25 146928]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-7 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-7 1620584]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-21 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-17 235624]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-7 2314240]
    R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-9-25 229376]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-9-25 69120]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-7 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 135664]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-21 61792]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-11-7 332272]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]

    =============== Created Last 30 ================

    2011-01-22 18:13:24 -------- d-----w- C:\Users\Kelvin\AppData\Local\Microsoft Games
    2011-01-22 17:21:16 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Malwarebytes
    2011-01-22 17:20:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-22 17:20:13 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-22 17:20:10 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-22 17:20:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-22 14:50:43 601424 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{6B660282-1414-40F0-A9D8-E3011AFAFAC4}\gapaengine.dll
    2011-01-22 14:50:16 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{69B9AE43-6A21-4EEA-BCFF-89A17E180260}\mpengine.dll
    2011-01-22 14:41:41 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-01-22 14:39:26 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-01-22 14:39:22 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-01-22 14:39:20 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2011-01-22 14:16:50 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{6D85A397-9615-44D1-B841-BEC28EC41B58}\mpengine.dll
    2011-01-22 14:16:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-22 14:08:23 -------- d-----w- C:\PROGRA~3\hssff
    2011-01-22 14:01:07 98816 ----a-w- C:\Windows\sed.exe
    2011-01-22 14:01:07 89088 ----a-w- C:\Windows\MBR.exe
    2011-01-22 14:01:07 256512 ----a-w- C:\Windows\PEV.exe
    2011-01-22 14:01:07 161792 ----a-w- C:\Windows\SWREG.exe
    2011-01-22 13:37:01 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
    2011-01-22 12:50:30 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\OpenOffice.org
    2011-01-22 12:37:39 -------- d-----w- C:\Program Files (x86)\JRE
    2011-01-22 12:37:37 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2011-01-22 12:37:17 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-22 12:37:17 411368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-22 11:26:45 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\SoftGrid Client
    2011-01-22 11:26:45 -------- d-----w- C:\Users\Kelvin\AppData\Local\SoftGrid Client
    2011-01-22 11:26:09 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
    2011-01-22 11:26:03 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\TP
    2011-01-22 05:16:04 -------- d-----w- C:\Users\Kelvin\AppData\Local\Cyberlink
    2011-01-22 03:49:25 -------- d-----w- C:\Windows\System32\log
    2011-01-21 15:14:36 -------- d-----w- C:\Windows\FLV Player
    2011-01-21 15:12:54 -------- d-----w- C:\Users\Kelvin\AppData\Local\Apple Computer
    2011-01-21 15:12:44 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-01-21 15:12:44 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-01-21 15:12:44 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-01-21 15:12:37 -------- d-----w- C:\Program Files\iTunes
    2011-01-21 15:12:37 -------- d-----w- C:\Program Files\iPod
    2011-01-21 15:12:37 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-01-21 15:12:37 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-01-21 15:10:50 -------- d-----w- C:\Users\Kelvin\AppData\Local\Apple
    2011-01-21 15:10:40 -------- d-----w- C:\Program Files\Bonjour
    2011-01-21 15:10:40 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-01-21 14:30:42 -------- d-----w- C:\Hotspot Shield
    2011-01-21 14:30:41 506880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
    2011-01-21 14:30:39 -------- d-----w- C:\Program Files (x86)\Hotspot Shield
    2011-01-21 13:51:26 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Digsby
    2011-01-21 13:51:26 -------- d-----w- C:\Users\Kelvin\AppData\Local\Digsby
    2011-01-21 13:51:26 -------- d-----w- C:\PROGRA~3\Digsby
    2011-01-21 13:50:34 -------- d-----w- C:\Program Files (x86)\Advanced Registry Optimizer
    2011-01-21 13:49:46 -------- d-----r- C:\Program Files (x86)\Skype
    2011-01-21 13:49:19 -------- d-----w- C:\Program Files (x86)\Conduit
    2011-01-21 13:49:17 -------- d-----w- C:\Program Files (x86)\Babylon
    2011-01-21 13:45:35 -------- d-----w- C:\Program Files (x86)\Digsby
    2011-01-21 12:44:38 -------- d-----w- C:\Program Files\CCleaner
    2011-01-21 12:29:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-01-21 12:29:53 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2011-01-21 12:27:43 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\AVG10
    2011-01-21 12:26:22 -------- d--h--w- C:\PROGRA~3\Common Files
    2011-01-21 12:25:52 -------- d-----w- C:\PROGRA~3\AVG10
    2011-01-21 12:25:40 -------- d-----w- C:\Program Files (x86)\AVG
    2011-01-21 12:17:32 -------- d-----w- C:\Program Files (x86)\Common Files\ControlDeck
    2011-01-21 12:16:21 -------- d-----w- C:\PROGRA~3\MFAData
    2011-01-21 12:11:02 -------- d-----w- C:\Users\Kelvin\AppData\Local\Mozilla
    2011-01-21 12:04:29 -------- d--h--w- C:\PROGRA~3\.syncID
    2011-01-21 12:04:24 -------- d--h--w- C:\PROGRA~3\.Syncables
    2011-01-21 12:03:55 -------- d-----w- C:\PROGRA~3\ASUS
    2011-01-21 12:03:54 -------- d-----w- C:\Users\Kelvin\AppData\Local\ASUS
    2011-01-21 12:00:27 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    2011-01-21 11:58:57 -------- d-----w- C:\Users\Kelvin\AppData\Local\Google
    2011-01-21 11:57:50 -------- d-----w- C:\Users\Kelvin\AppData\Roaming\Asus WebStorage
    2011-01-21 11:55:48 61792 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2011-01-21 11:54:51 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-01-21 11:54:51 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-01-21 11:54:47 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-01-21 11:54:06 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-01-21 11:53:44 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2011-01-21 11:53:13 -------- d-----w- C:\Windows\PCHEALTH
    2011-01-21 11:53:06 4865408 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c47670af1cbb961\Silverlight.2.0.exe
    2011-01-21 11:52:54 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bcd426ee1cbb961\DSETUP.dll
    2011-01-21 11:52:54 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bcd426ee1cbb961\DXSETUP.exe
    2011-01-21 11:52:54 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bcd426ee1cbb961\dsetup32.dll
    2011-01-21 11:52:15 140779848 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc16E9.tmp
    2011-01-21 11:52:09 -------- d-----w- C:\Users\Kelvin\AppData\Local\Power2Go
    2011-01-21 11:52:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-01-21 11:52:07 -------- d-----w- C:\Users\Kelvin\AppData\Local\VirtualStore
    2011-01-21 11:51:02 45056 ----a-w- C:\Windows\System32\acovcnt.exe

    ==================== Find3M ====================

    2010-11-29 09:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 09:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-07 03:23:50 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-11-07 03:23:20 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-11-07 03:23:20 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-11-07 03:22:58 80512 ----a-w- C:\Windows\ASUS_N3_Series Uninstaller.exe
    2010-11-07 03:22:56 3058304 ----a-w- C:\Windows\AsScrPro.exe
    2010-11-07 03:22:47 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2010-11-07 03:22:47 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2010-11-07 03:22:08 1877504 ----a-w- C:\Windows\System32\msxml3.dll
    2010-11-07 03:22:08 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-11-07 03:20:11 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-07 03:20:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-07 03:20:11 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-07 03:20:11 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-07 03:19:29 3122688 ----a-w- C:\Windows\System32\win32k.sys
    2010-11-07 03:18:57 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2010-11-07 03:18:57 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
    2010-11-07 03:18:29 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-11-07 03:17:31 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-11-07 03:17:31 404992 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-11-07 03:17:31 162304 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-11-07 03:16:58 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2010-11-07 03:16:58 3955080 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2010-11-07 03:16:58 3899784 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2010-11-07 03:16:26 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-11-07 03:16:26 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-11-07 03:15:57 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2010-11-07 03:15:28 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-07 03:14:27 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-11-07 03:14:27 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-11-07 03:14:27 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-11-07 03:14:27 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-11-07 03:14:27 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-11-07 03:14:27 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-11-07 03:14:27 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-11-07 03:13:50 1736608 ----a-w- C:\Windows\System32\ntdll.dll
    2010-11-07 03:13:50 1289528 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2010-11-07 03:13:21 213888 ----a-w- C:\Windows\System32\drivers\rdyboost.sys
    2010-11-07 03:11:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-11-07 03:11:25 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-11-07 03:10:48 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-11-07 03:10:48 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2010-11-07 03:10:48 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-11-07 03:10:48 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-11-07 03:09:18 84992 ----a-w- C:\Windows\System32\asycfilt.dll
    2010-11-07 03:09:18 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
    2010-11-07 03:08:44 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2010-11-07 03:08:44 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2010-11-07 03:08:44 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2010-11-07 03:08:44 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
    2010-11-07 03:08:09 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
    2010-11-07 03:07:41 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2010-11-07 03:07:41 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2010-11-07 03:06:45 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2010-11-07 03:06:45 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2010-11-07 03:06:45 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2010-11-07 03:05:00 139264 ----a-w- C:\Windows\System32\cabview.dll
    2010-11-07 03:05:00 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
    2010-11-07 03:04:31 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2010-11-07 03:04:31 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2010-11-07 03:04:01 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2010-11-07 03:04:01 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2010-11-07 03:02:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2010-11-07 03:02:46 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2010-11-07 03:02:46 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2010-11-07 03:02:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2010-11-07 03:02:46 243200 ----a-w- C:\Windows\System32\wow64.dll
    2010-11-07 03:02:46 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2010-11-07 03:02:46 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2010-11-07 03:01:07 389632 ----a-w- C:\Windows\System32\winlogon.exe
    2010-11-07 03:01:07 2870272 ----a-w- C:\Windows\explorer.exe
    2010-11-07 03:01:07 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
    2010-11-07 02:57:33 85504 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
    2010-11-07 02:53:43 311808 ----a-w- C:\Windows\System32\msv1_0.dll
    2010-11-07 02:53:43 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2010-11-07 02:53:13 46592 ----a-w- C:\Windows\System32\msasn1.dll
    2010-11-07 02:53:13 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
    2010-11-07 02:52:03 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-07 02:52:03 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
    2010-11-07 02:52:03 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
    2010-11-07 02:52:03 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-11-07 02:52:03 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-11-07 02:43:03 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2010-11-07 02:43:03 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2010-11-07 02:43:03 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

    ============= FINISH: 2:24:56.57 ===============


    Do you want me to attach the "attach" file too?
     
  5. 2011/01/22
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Yes, as per our instructions (STEP 4).
     
  6. 2011/01/22
    mrbiglive

    mrbiglive Inactive Thread Starter

    Here is the second part of Step 4.
    --------------------------------------


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/1/2011 7:50:40 PM
    System Uptime: 23/1/2011 1:01:57 AM (1 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | N53Jf
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | Socket 989 | 2534/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 444 GiB total, 413.696 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1 MUI
    Advanced Registry Optimizer
    Alcor Micro USB Card Reader
    Amazon Kindle For PC v1.0
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Video Magic
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_N3_Series
    ATK Package
    Boingo Wi-Fi
    Bookworm Deluxe
    Choice Guard
    ControlDeck
    Cooking Dash
    CyberLink LabelPrint
    CyberLink MediaShow Espresso
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    Digsby
    ExpressGate Cloud
    FLV Player
    Game Park Console
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker
    Hotel Dash Suite Success
    Hotspot Shield 1.57
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest 3
    Junk Mail filter update
    Luxor 3
    Mahjongg dimensions
    Malwarebytes' Anti-Malware
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP3 Parser (KB973685)
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Updatus
    OpenOffice.org 3.2
    Plants vs Zombies
    QuickTime
    Realtek High Definition Audio Driver
    Skype Toolbars
    Skype™ 5.1
    SonicMaster
    Spybot - Search & Destroy
    syncables desktop SE
    Times Reader
    Visual Studio 2008 x64 Redistributables
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinFlash
    Wireless Console 3
    World of Goo

    ==== Event Viewer Messages From Past Week ========

    23/1/2011 1:03:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    23/1/2011 1:01:17 AM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
    22/1/2011 10:06:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    22/1/2011 10:05:55 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    22/1/2011 10:02:35 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
    22/1/2011 10:01:49 PM, Error: Service Control Manager [7034] - The VideAceWindowsService service terminated unexpectedly. It has done this 1 time(s).
    21/1/2011 10:31:08 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    ==== End Of File ===========================
     
  7. 2011/01/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Since this is a fresh Windows installation and the old problem still exists, I suspect you may have an infected router.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
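
A check to run once the reset steps above are done, as an added example that is not part of the original post: it parses `ipconfig /all` output and lists DNS servers that are neither the adapter's default gateway nor on a list you trust. The sample output, its addresses (documentation ranges) and the function names are constructed for illustration, and the premise that a tampered router shows up as unexpected DNS servers is an assumption, not something the thread states.

```python
import ipaddress
import re

# Field lines in English `ipconfig /all` output end their label with a ". :" dot leader.
FIELD = re.compile(r"^\s+(.+?)[ .]*\. :\s?(.*)$")
TRACKED = ("Default Gateway", "DNS Servers")

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _to_ip(text):
    """Parse '192.168.1.23(Preferred)' or 'fe80::1%11' into an address, else None."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_ipconfig(output):
    """Return {section name: {"Default Gateway": [...], "DNS Servers": [...]}}."""
    adapters = {}
    current = None  # fields of the section being read
    key = None      # label of the most recent field line
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: a section header such as "Ethernet adapter ...:"
            name = line.rstrip(":").strip()
            current = adapters.setdefault(name, {k: [] for k in TRACKED})
            key = None
            continue
        match = FIELD.match(line)
        if match:
            key, value = match.group(1), match.group(2)
        else:
            value = line  # continuation line: another value for the same field
        if current is not None and key in TRACKED:
            ip = _to_ip(value)
            if ip is not None:
                current[key].append(ip)
    return adapters


def unexpected_dns(adapters, trusted=()):
    """List (adapter, server) pairs whose resolver is not the gateway or trusted."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for name, fields in adapters.items():
        allowed = set(fields["Default Gateway"]) | trusted_ips
        for server in fields["DNS Servers"]:
            if server not in allowed:
                findings.append((name, str(server)))
    return findings


if __name__ == "__main__":
    # In real use, replace SAMPLE with the saved output of `ipconfig /all` and
    # pass the resolvers your ISP documents as `trusted`.
    for adapter, server in unexpected_dns(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: review DNS server {server}")
```

A flagged server is only a prompt to compare against what the ISP or the router's own settings page lists; a manually configured public resolver would be flagged too.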
     
  8. 2011/01/23
    mrbiglive

    mrbiglive Inactive Thread Starter

    I did as instructed. After I tried going to my router's admin page (192.168.1.1) it redirected me to a QBYRD search page.

    Should I reset again? Should I upgrade the firmware?

    Thanks Pete for your time.
     
  9. 2011/01/23
    mrbiglive

    mrbiglive Inactive Thread Starter

    Thanks to you Broni too.
     
  10. 2011/01/23
    broni

    broni Moderator Malware Analyst

    Let's do more checking....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2011/01/23
    mrbiglive

    mrbiglive Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    29
    Likes Received:
    0
    Here is the Combofix text file. I've separated it into 2 posts.
    ------

    ComboFix 11-01-22.03 - Kelvin 24/01/2011 1:23.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.3884.2223 [GMT 8:00]
    Running from: c:\users\Kelvin\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .

    2011-01-23 17:26 . 2011-01-23 17:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-01-23 17:26 . 2011-01-23 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-22 19:07 . 2011-01-22 19:07 -------- d-----w- c:\windows\SysWow64\Wat
    2011-01-22 19:07 . 2011-01-22 19:07 -------- d-----w- c:\windows\system32\Wat
    2011-01-22 19:06 . 2011-01-20 02:39 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D420F887-61CF-49C0-9BB9-DECD1F184F6F}\mpengine.dll
    2011-01-22 19:02 . 2009-11-25 04:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-01-22 19:02 . 2009-11-25 04:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-01-22 19:02 . 2009-11-25 04:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2011-01-22 19:02 . 2009-11-25 04:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-01-22 19:02 . 2009-11-25 04:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-01-22 19:02 . 2009-11-25 04:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-01-22 19:02 . 2009-11-25 04:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-01-22 19:02 . 2009-11-25 04:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2011-01-22 19:02 . 2009-11-25 04:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-01-22 19:02 . 2009-11-25 04:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-01-22 19:00 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-01-22 19:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-01-22 17:20 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-22 17:20 . 2011-01-22 17:20 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-22 17:20 . 2011-01-22 17:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-01-22 17:20 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-22 14:50 . 2010-11-30 02:43 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B660282-1414-40F0-A9D8-E3011AFAFAC4}\gapaengine.dll
    2011-01-22 14:39 . 2011-01-22 14:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2011-01-22 14:39 . 2011-01-22 14:39 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-22 14:39 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-01-22 14:16 . 2011-01-20 02:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D85A397-9615-44D1-B841-BEC28EC41B58}\mpengine.dll
    2011-01-22 14:16 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-22 14:08 . 2011-01-22 14:08 -------- d-----w- c:\programdata\hssff
    2011-01-22 13:37 . 2011-01-22 15:09 -------- d-----w- c:\programdata\VirtualizedApplications
    2011-01-22 12:37 . 2011-01-22 12:37 -------- d-----w- c:\program files (x86)\JRE
    2011-01-22 12:37 . 2011-01-22 12:37 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
    2011-01-22 12:37 . 2011-01-22 12:37 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-01-22 12:37 . 2011-01-22 12:37 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-22 12:37 . 2011-01-22 12:37 -------- d-----w- c:\program files (x86)\Java
    2011-01-22 11:32 . 2011-01-22 11:32 -------- d-----r- C:\MSOCache
    2011-01-22 11:26 . 2011-01-23 08:37 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
    2011-01-22 05:16 . 2011-01-22 05:16 -------- d-----w- c:\users\Public\CyberLink
    2011-01-22 05:06 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-01-22 05:06 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-01-22 03:49 . 2011-01-22 03:49 -------- d-----w- c:\windows\system32\log
    2011-01-21 15:14 . 2011-01-21 15:14 -------- d-----w- c:\windows\FLV Player
    2011-01-21 15:14 . 2011-01-21 15:14 -------- d-----w- c:\program files (x86)\FLV Player
    2011-01-21 15:12 . 2009-05-18 05:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-01-21 15:12 . 2008-04-17 04:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2011-01-21 15:10 . 2011-01-21 15:11 -------- d-----w- c:\program files (x86)\QuickTime
    2011-01-21 15:10 . 2011-01-21 15:10 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-01-21 15:10 . 2011-01-21 15:10 -------- d-----w- c:\program files\Common Files\Apple
    2011-01-21 15:10 . 2011-01-21 15:10 -------- d-----w- c:\program files\Bonjour
    2011-01-21 15:10 . 2011-01-21 15:10 -------- d-----w- c:\program files (x86)\Bonjour
    2011-01-21 15:10 . 2011-01-23 05:41 -------- d-----w- c:\programdata\Apple
    2011-01-21 15:10 . 2011-01-21 15:12 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-01-21 14:30 . 2011-01-21 14:31 -------- d-----w- C:\Hotspot Shield
    2011-01-21 14:30 . 2011-01-21 14:31 -------- d-----w- c:\program files (x86)\Hotspot Shield
    2011-01-21 13:51 . 2011-01-21 13:51 -------- d-----w- c:\programdata\Digsby
    2011-01-21 13:50 . 2011-01-21 13:50 -------- d-----w- c:\program files (x86)\Advanced Registry Optimizer
    2011-01-21 13:49 . 2011-01-21 13:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-01-21 13:49 . 2011-01-21 13:50 -------- d-----r- c:\program files (x86)\Skype
    2011-01-21 13:49 . 2011-01-21 13:49 -------- d-----w- c:\programdata\Skype
    2011-01-21 13:49 . 2011-01-21 13:49 -------- d-----w- c:\program files (x86)\Conduit
    2011-01-21 13:49 . 2011-01-21 13:49 -------- d-----w- c:\program files (x86)\Babylon
    2011-01-21 13:45 . 2011-01-21 13:45 -------- d-----w- c:\program files (x86)\Digsby
    2011-01-21 12:44 . 2011-01-21 12:44 -------- d-----w- c:\program files\CCleaner
    2011-01-21 12:29 . 2011-01-21 12:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-01-21 12:29 . 2011-01-21 12:30 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-01-21 12:26 . 2011-01-21 12:26 -------- d--h--w- c:\programdata\Common Files
    2011-01-21 12:25 . 2011-01-22 13:54 -------- d-----w- c:\programdata\AVG10
    2011-01-21 12:25 . 2011-01-21 12:25 -------- d-----w- c:\program files (x86)\AVG
    2011-01-21 12:17 . 2011-01-21 12:17 -------- d-----w- c:\program files (x86)\Common Files\ControlDeck
    2011-01-21 12:16 . 2011-01-21 12:25 -------- d-----w- c:\programdata\MFAData
    2011-01-21 12:04 . 2011-01-21 12:04 -------- d--h--w- c:\programdata\.syncID
    2011-01-21 12:04 . 2011-01-21 12:04 -------- d--h--w- c:\programdata\.Syncables
    2011-01-21 12:03 . 2011-01-21 12:03 -------- d-----w- c:\programdata\ASUS
    2011-01-21 11:55 . 2011-01-23 05:40 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2011-01-21 11:55 . 2011-01-21 15:12 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-01-21 11:55 . 2011-01-21 11:55 -------- d-----w- c:\program files\Windows Live
    2011-01-21 11:55 . 2008-12-08 09:35 61792 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-01-21 11:55 . 2011-01-21 11:55 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
    2011-01-21 11:54 . 2006-11-29 05:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-01-21 11:54 . 2006-11-29 05:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
    2011-01-21 11:54 . 2011-01-21 11:54 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2011-01-21 11:54 . 2011-01-21 11:54 -------- d-----w- c:\program files (x86)\Microsoft
    2011-01-21 11:53 . 2011-01-21 11:53 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
    2011-01-21 11:53 . 2011-01-21 11:55 -------- d-----w- c:\program files (x86)\Windows Live
    2011-01-21 11:53 . 2011-01-21 11:53 -------- d-----w- c:\windows\PCHEALTH
    2011-01-21 11:52 . 2011-01-21 11:52 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2011-01-21 11:51 . 2011-01-23 09:32 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-01-21 11:50 . 2011-01-21 11:57 -------- d-----w- c:\users\Kelvin

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 09:38 . 2010-11-29 09:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 09:38 . 2010-11-29 09:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-07 03:23 . 2010-11-07 03:23 558592 ----a-w- c:\windows\system32\spoolsv.exe
    2010-11-07 03:22 . 2010-11-07 03:22 80512 ----a-w- c:\windows\ASUS_N3_Series Uninstaller.exe
    2010-11-07 03:22 . 2010-11-07 03:22 3058304 ----a-w- c:\windows\AsScrPro.exe
    2010-11-07 03:22 . 2010-11-07 03:22 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2010-11-07 03:22 . 2010-11-07 03:22 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2010-11-07 03:22 . 2010-11-07 03:22 1877504 ----a-w- c:\windows\system32\msxml3.dll
    2010-11-07 03:22 . 2010-11-07 03:22 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
    2010-11-07 03:18 . 2010-11-07 03:18 52224 ----a-w- c:\windows\system32\rtutils.dll
    2010-11-07 03:18 . 2010-11-07 03:18 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
    2010-11-07 03:18 . 2010-11-07 03:18 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
    2010-11-07 03:16 . 2010-11-07 03:16 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-11-07 03:16 . 2010-11-07 03:16 3955080 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2010-11-07 03:16 . 2010-11-07 03:16 3899784 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2010-11-07 03:15 . 2010-11-07 03:15 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-11-07 03:15 . 2010-11-07 03:15 144384 ----a-w- c:\windows\system32\cdd.dll
    2010-11-07 03:13 . 2010-11-07 03:13 1736608 ----a-w- c:\windows\system32\ntdll.dll
    2010-11-07 03:13 . 2010-11-07 03:13 1289528 ----a-w- c:\windows\SysWow64\ntdll.dll
    2010-11-07 03:13 . 2010-11-07 03:13 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
    2010-11-07 03:09 . 2010-11-07 03:09 84992 ----a-w- c:\windows\system32\asycfilt.dll
    2010-11-07 03:09 . 2010-11-07 03:09 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
    2010-11-07 03:08 . 2010-11-07 03:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2010-11-07 03:08 . 2010-11-07 03:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2010-11-07 03:08 . 2010-11-07 03:08 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-11-07 03:08 . 2010-11-07 03:08 1446912 ----a-w- c:\windows\system32\lsasrv.dll
    2010-11-07 03:08 . 2010-11-07 03:08 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-11-07 03:07 . 2010-11-07 03:07 612352 ----a-w- c:\windows\system32\vbscript.dll
    2010-11-07 03:07 . 2010-11-07 03:07 427520 ----a-w- c:\windows\SysWow64\vbscript.dll
    2010-11-07 03:06 . 2010-11-07 03:06 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-11-07 03:06 . 2010-11-07 03:06 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-11-07 03:06 . 2010-11-07 03:06 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-11-07 03:05 . 2010-11-07 03:05 139264 ----a-w- c:\windows\system32\cabview.dll
    2010-11-07 03:05 . 2010-11-07 03:05 132608 ----a-w- c:\windows\SysWow64\cabview.dll
    2010-11-07 03:04 . 2010-11-07 03:04 220672 ----a-w- c:\windows\system32\wintrust.dll
    2010-11-07 03:04 . 2010-11-07 03:04 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
    2010-11-07 03:04 . 2010-11-07 03:04 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2010-11-07 03:04 . 2010-11-07 03:04 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2010-11-07 03:02 . 2010-11-07 03:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2010-11-07 03:02 . 2010-11-07 03:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2010-11-07 03:02 . 2010-11-07 03:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2010-11-07 03:02 . 2010-11-07 03:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2010-11-07 03:02 . 2010-11-07 03:02 243200 ----a-w- c:\windows\system32\wow64.dll
    2010-11-07 03:02 . 2010-11-07 03:02 2048 ----a-w- c:\windows\SysWow64\user.exe
    2010-11-07 03:02 . 2010-11-07 03:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2010-11-07 03:01 . 2010-11-07 03:01 389632 ----a-w- c:\windows\system32\winlogon.exe
    2010-11-07 03:01 . 2010-11-07 03:01 2870272 ----a-w- c:\windows\explorer.exe
    2010-11-07 03:01 . 2010-11-07 03:01 2614272 ----a-w- c:\windows\SysWow64\explorer.exe
    2010-11-07 03:00 . 2010-11-07 03:00 91648 ----a-w- c:\windows\SysWow64\avifil32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 84480 ----a-w- c:\windows\SysWow64\mciavi32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 54272 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 50176 ----a-w- c:\windows\SysWow64\iyuv_32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 38912 ----a-w- c:\windows\system32\msvidc32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 31744 ----a-w- c:\windows\SysWow64\msvidc32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 25088 ----a-w- c:\windows\system32\msyuv.dll
    2010-11-07 03:00 . 2010-11-07 03:00 22016 ----a-w- c:\windows\SysWow64\msyuv.dll
    2010-11-07 03:00 . 2010-11-07 03:00 16384 ----a-w- c:\windows\system32\msrle32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 1572352 ----a-w- c:\windows\system32\quartz.dll
    2010-11-07 03:00 . 2010-11-07 03:00 14848 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-11-07 03:00 . 2010-11-07 03:00 13312 ----a-w- c:\windows\SysWow64\msrle32.dll
    2010-11-07 03:00 . 2010-11-07 03:00 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
    2010-11-07 03:00 . 2010-11-07 03:00 12288 ----a-w- c:\windows\SysWow64\tsbyuv.dll
    2010-11-07 02:57 . 2010-11-07 02:57 85504 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
    2010-11-07 02:57 . 2010-11-07 02:57 85504 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
    2010-11-07 02:57 . 2010-11-07 02:57 424960 ----a-w- c:\windows\system32\secproc.dll
    2010-11-07 02:57 . 2010-11-07 02:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-11-07 02:57 . 2010-11-07 02:57 369152 ----a-w- c:\windows\SysWow64\secproc.dll
    2010-11-07 02:57 . 2010-11-07 02:57 365568 ----a-w- c:\windows\SysWow64\secproc_isv.dll
    2010-11-07 02:57 . 2010-11-07 02:57 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-11-07 02:57 . 2010-11-07 02:57 356352 ----a-w- c:\windows\system32\RMActivate.exe
    2010-11-07 02:57 . 2010-11-07 02:57 324608 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
    2010-11-07 02:57 . 2010-11-07 02:57 320512 ----a-w- c:\windows\SysWow64\RMActivate.exe
    2010-11-07 02:57 . 2010-11-07 02:57 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-11-07 02:57 . 2010-11-07 02:57 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-11-07 02:57 . 2010-11-07 02:57 280064 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
    2010-11-07 02:57 . 2010-11-07 02:57 277504 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
    2010-11-07 02:57 . 2010-11-07 02:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-11-07 02:57 . 2010-11-07 02:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-11-07 02:57 . 2010-11-07 02:57 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2010-11-07 02:57 . 2010-11-07 02:57 100864 ----a-w- c:\windows\system32\fontsub.dll
    2010-11-07 02:53 . 2010-11-07 02:53 311808 ----a-w- c:\windows\system32\msv1_0.dll
    2010-11-07 02:53 . 2010-11-07 02:53 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2010-11-07 02:53 . 2010-11-07 02:53 46592 ----a-w- c:\windows\system32\msasn1.dll
    2010-11-07 02:53 . 2010-11-07 02:53 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
    2010-11-07 02:52 . 2010-11-07 02:52 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2010-11-07 02:52 . 2010-11-07 02:52 1975296 ----a-w- c:\windows\system32\CertEnroll.dll
    2010-11-07 02:52 . 2010-11-07 02:52 1320960 ----a-w- c:\windows\SysWow64\CertEnroll.dll
    2010-11-07 02:43 . 2010-11-07 02:43 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2010-11-07 02:43 . 2010-11-07 02:43 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2010-11-07 02:43 . 2010-11-07 02:43 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-01-22_14.06.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-22 19:02 . 2009-11-25 04:47 11600 c:\windows\SysWOW64\MUI\0409\mscorees.dll
    - 2009-07-13 23:42 . 2009-07-14 01:15 67072 c:\windows\SysWOW64\mshtmled.dll
    + 2011-01-22 05:05 . 2010-11-04 05:49 67072 c:\windows\SysWOW64\mshtmled.dll
    + 2011-01-22 05:05 . 2010-11-04 05:46 12800 c:\windows\SysWOW64\msfeedssync.exe
    - 2010-11-07 03:20 . 2010-11-07 03:20 12800 c:\windows\SysWOW64\msfeedssync.exe
    + 2011-01-22 05:05 . 2010-11-04 05:49 64512 c:\windows\SysWOW64\msfeedsbs.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 64512 c:\windows\SysWOW64\msfeedsbs.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2011-01-22 05:05 . 2010-11-04 05:52 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2011-01-22 05:05 . 2010-11-04 05:48 44544 c:\windows\SysWOW64\licmgr10.dll
    + 2011-01-22 05:05 . 2010-11-04 05:48 48128 c:\windows\SysWOW64\jsproxy.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 48128 c:\windows\SysWOW64\jsproxy.dll
    + 2011-01-23 08:37 . 2011-01-23 08:37 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2009-07-14 04:54 . 2011-01-23 09:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-01-22 13:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-17 07:29 . 2008-09-17 07:29 20040 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    + 2009-07-14 04:54 . 2011-01-23 09:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-01-22 13:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-01-23 09:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-01-22 13:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-22 05:05 . 2010-10-20 04:54 34304 c:\windows\SysWOW64\atmlib.dll
    - 2010-11-07 03:10 . 2010-11-07 03:10 34304 c:\windows\SysWOW64\atmlib.dll
    + 2010-11-07 03:14 . 2011-01-23 09:33 34120 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-01-23 09:33 30082 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-08-04 06:25 . 2011-01-23 08:37 97700 c:\windows\system32\prfc0404.dat
    + 2011-01-22 19:02 . 2009-11-25 04:47 11600 c:\windows\system32\MUI\0409\mscorees.dll
    - 2009-07-13 20:37 . 2009-06-10 20:40 11600 c:\windows\system32\MUI\0409\mscorees.dll
    + 2011-01-22 05:05 . 2010-11-04 06:32 97280 c:\windows\system32\mshtmled.dll
    - 2009-07-13 23:58 . 2009-07-14 01:41 97280 c:\windows\system32\mshtmled.dll
    + 2011-01-22 05:05 . 2010-11-04 06:28 12288 c:\windows\system32\msfeedssync.exe
    - 2010-11-07 03:20 . 2010-11-07 03:20 12288 c:\windows\system32\msfeedssync.exe
    - 2010-11-07 03:20 . 2010-11-07 03:20 82944 c:\windows\system32\msfeedsbs.dll
    + 2011-01-22 05:05 . 2010-11-04 06:32 82944 c:\windows\system32\msfeedsbs.dll
    + 2011-01-22 05:05 . 2010-11-04 06:35 95232 c:\windows\system32\migration\WininetPlugin.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 95232 c:\windows\system32\migration\WininetPlugin.dll
    + 2011-01-22 05:05 . 2010-11-04 06:31 57856 c:\windows\system32\licmgr10.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 64512 c:\windows\system32\jsproxy.dll
    + 2011-01-22 05:05 . 2010-11-04 06:31 64512 c:\windows\system32\jsproxy.dll
    + 2009-07-14 05:30 . 2011-01-23 05:41 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2011-01-21 15:10 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2010-09-28 07:44 . 2010-09-28 07:44 51712 c:\windows\system32\drivers\usbaapl64.sys
    + 2010-04-23 17:10 . 2010-04-23 17:10 22376 c:\windows\system32\drivers\Sftvollh.sys
    - 2009-12-02 14:23 . 2009-12-02 14:23 22376 c:\windows\system32\drivers\Sftvollh.sys
    - 2009-12-02 14:23 . 2009-12-02 14:23 25960 c:\windows\system32\drivers\Sftredirlh.sys
    + 2010-04-23 17:10 . 2010-04-23 17:10 25960 c:\windows\system32\drivers\Sftredirlh.sys
    + 2010-10-24 13:25 . 2010-10-24 13:25 72064 c:\windows\system32\drivers\NisDrvWFP.sys
    + 2010-10-24 13:25 . 2010-10-24 13:25 40832 c:\windows\system32\drivers\MpNWMon.sys
    + 2011-01-22 05:05 . 2010-07-13 05:37 27008 c:\windows\system32\drivers\Diskdump.sys
    + 2011-01-22 03:47 . 2011-01-22 19:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-22 03:47 . 2011-01-22 11:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-22 19:00 . 2011-01-22 19:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-22 03:47 . 2011-01-22 11:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-01-22 19:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-01-22 11:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-11-07 03:10 . 2010-11-07 03:10 46080 c:\windows\system32\atmlib.dll
    + 2011-01-22 05:05 . 2010-10-20 05:20 46080 c:\windows\system32\atmlib.dll
    - 2011-01-21 13:06 . 2011-01-22 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-21 13:06 . 2011-01-23 09:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-01-23 07:36 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-01-21 13:06 . 2011-01-23 09:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-21 13:06 . 2011-01-22 13:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-21 13:06 . 2011-01-22 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-21 13:06 . 2011-01-23 09:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-21 11:58 . 2011-01-23 09:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-21 11:58 . 2011-01-22 13:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-21 11:58 . 2011-01-23 09:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-21 11:58 . 2011-01-22 13:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-22 05:05 . 2010-09-23 22:29 42320 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
    - 2009-07-13 20:37 . 2009-06-10 20:39 42320 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
    - 2009-07-13 20:46 . 2009-06-10 21:22 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2011-01-22 05:05 . 2010-09-23 22:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2011-01-22 11:26 . 2011-01-22 11:26 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
    + 2011-01-23 08:37 . 2011-01-23 08:37 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
    + 2011-01-22 19:02 . 2011-01-22 20:41 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 60416 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Pres#\3eb00c0f6d2c75c4c701c912683efd87\System.Windows.Presentation.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\83c64207e6517ef87908d7a8f7329217\System.Web.DynamicData.Design.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\f39d125fbdc6bc9a7568e11938dd95ba\PresentationFontCache.ni.exe
    + 2011-01-22 19:12 . 2011-01-22 19:12 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\b14ddb7d273349ef52dfe59707ca88f0\PresentationCFFRasterizer.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 40960 c:\windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\895d760b0f30ebde7949dd96c8c38a58\LoadMxf.ni.exe
    + 2011-01-22 19:13 . 2011-01-22 19:13 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a06f86c78df5896fab27ef63a467f757\UIAutomationProvider.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\101740bb080b93dcd57cca0b49561b5b\System.Windows.Presentation.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e822673e35e142ea7337480e677ae0db\System.Web.DynamicData.Design.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\4f643751eda6cafe890f0884a6ec7392\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\cda6307ec359333afe51ed90f61db564\PresentationFontCache.ni.exe
    + 2011-01-22 19:14 . 2011-01-22 19:14 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\e117973434189b11c49b65513d458a41\PresentationCFFRasterizer.ni.dll
    - 2009-07-13 23:37 . 2009-07-14 01:16 9728 c:\windows\SysWOW64\sscore.dll
    + 2011-01-22 05:05 . 2010-08-27 05:46 9728 c:\windows\SysWOW64\sscore.dll
    + 2011-01-21 11:52 . 2011-01-23 09:33 3356 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2599028417-4041818518-3215170054-1002_UserData.bin
    - 2011-01-22 13:58 . 2011-01-22 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-01-23 09:31 . 2011-01-23 09:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-01-23 09:31 . 2011-01-23 09:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-01-22 13:58 . 2011-01-22 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-01-22 05:05 . 2010-08-21 05:36 738816 c:\windows\SysWOW64\wmpmde.dll
    - 2009-07-14 00:04 . 2009-07-14 01:16 738816 c:\windows\SysWOW64\wmpmde.dll
    + 2011-01-22 05:05 . 2010-11-04 05:52 978944 c:\windows\SysWOW64\wininet.dll
    + 2011-01-22 05:05 . 2010-10-16 04:36 314368 c:\windows\SysWOW64\webio.dll
    + 2011-01-22 19:07 . 2011-01-22 19:02 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
    + 2011-01-22 19:07 . 2011-01-22 19:02 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
    - 2009-07-13 23:30 . 2009-07-14 01:16 496128 c:\windows\SysWOW64\taskschd.dll
    + 2011-01-22 05:05 . 2010-11-02 04:40 496128 c:\windows\SysWOW64\taskschd.dll
    + 2011-01-22 05:05 . 2010-11-02 04:34 192000 c:\windows\SysWOW64\taskeng.exe
    + 2011-01-22 05:05 . 2010-11-02 04:40 305152 c:\windows\SysWOW64\taskcomp.dll
    + 2011-01-22 05:05 . 2010-08-26 04:39 109056 c:\windows\SysWOW64\t2embed.dll
    + 2011-01-22 05:05 . 2010-05-05 06:46 363520 c:\windows\SysWOW64\StructuredQuery.dll
    - 2009-07-14 00:12 . 2009-07-14 01:16 363520 c:\windows\SysWOW64\StructuredQuery.dll
    + 2011-01-22 05:05 . 2010-11-02 04:34 179712 c:\windows\SysWOW64\schtasks.exe
    - 2010-11-07 03:16 . 2010-11-07 03:16 224256 c:\windows\SysWOW64\schannel.dll
    + 2011-01-22 05:05 . 2010-08-21 05:36 224256 c:\windows\SysWOW64\schannel.dll
    + 2011-01-22 05:05 . 2010-10-16 04:34 573440 c:\windows\SysWOW64\odbc32.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 606208 c:\windows\SysWOW64\mstime.dll
    + 2011-01-22 05:05 . 2010-11-04 05:49 606208 c:\windows\SysWOW64\mstime.dll
    + 2011-01-22 05:05 . 2010-11-04 05:49 599040 c:\windows\SysWOW64\msfeeds.dll
    + 2011-01-22 05:05 . 2010-08-31 04:32 954288 c:\windows\SysWOW64\mfc40u.dll
    + 2011-01-22 05:05 . 2010-08-31 04:32 954752 c:\windows\SysWOW64\mfc40.dll
    + 2011-01-22 05:05 . 2010-03-04 07:33 740864 c:\windows\SysWOW64\inetcomm.dll
    - 2009-07-13 23:42 . 2009-07-14 01:15 740864 c:\windows\SysWOW64\inetcomm.dll
    + 2011-01-22 05:05 . 2010-11-04 05:48 176640 c:\windows\SysWOW64\ieui.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 176640 c:\windows\SysWOW64\ieui.dll
    + 2011-01-22 05:05 . 2010-11-04 05:48 185856 c:\windows\SysWOW64\iepeers.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 185856 c:\windows\SysWOW64\iepeers.dll
    + 2011-01-22 05:05 . 2010-11-04 05:48 381440 c:\windows\SysWOW64\iedkcs32.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 381440 c:\windows\SysWOW64\iedkcs32.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 641536 c:\windows\SysWOW64\CPFilters.dll
    + 2011-01-22 05:05 . 2010-08-04 06:18 641536 c:\windows\SysWOW64\CPFilters.dll
    - 2009-07-13 23:39 . 2009-07-14 01:15 530432 c:\windows\SysWOW64\comctl32.dll
    + 2011-01-22 05:05 . 2010-08-21 05:33 530432 c:\windows\SysWOW64\comctl32.dll
    + 2011-01-22 05:05 . 2010-10-20 02:58 294400 c:\windows\SysWOW64\atmfd.dll
    + 2011-01-22 05:05 . 2010-11-02 05:18 524288 c:\windows\system32\wmicmiplugin.dll
    + 2011-01-22 05:05 . 2010-10-16 05:19 395776 c:\windows\system32\webio.dll
    + 2011-01-21 13:06 . 2011-01-23 13:41 164284 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2011-01-22 19:07 . 2011-01-22 19:02 152888 c:\windows\system32\Wat\WatWeb.dll
    + 2011-01-22 19:07 . 2011-01-22 19:02 249656 c:\windows\system32\Wat\WatUX.exe
    + 2011-01-22 19:07 . 2011-01-22 19:02 138664 c:\windows\system32\Wat\npWatWeb.dll
    + 2011-01-22 05:05 . 2010-11-02 05:10 464384 c:\windows\system32\taskeng.exe
    - 2009-07-13 23:47 . 2009-07-14 01:41 473600 c:\windows\system32\taskcomp.dll
    + 2011-01-22 05:05 . 2010-11-02 05:17 473600 c:\windows\system32\taskcomp.dll
    + 2011-01-22 05:05 . 2010-08-26 05:27 148992 c:\windows\system32\t2embed.dll
    + 2011-01-22 05:05 . 2010-05-05 07:37 483840 c:\windows\system32\StructuredQuery.dll
    - 2009-07-14 00:29 . 2009-07-14 01:41 483840 c:\windows\system32\StructuredQuery.dll
    + 2011-01-22 05:05 . 2010-08-27 06:14 236032 c:\windows\system32\srvsvc.dll
    + 2011-01-22 05:05 . 2010-11-02 05:10 285696 c:\windows\system32\schtasks.exe
    - 2010-11-07 03:16 . 2010-11-07 03:16 340992 c:\windows\system32\schannel.dll
    + 2011-01-22 05:05 . 2010-08-21 06:36 340992 c:\windows\system32\schannel.dll
    + 2009-08-04 06:31 . 2011-01-23 08:37 672628 c:\windows\system32\prfh0816.dat
    + 2009-08-04 06:56 . 2011-01-23 08:37 357872 c:\windows\system32\prfh0804.dat
    + 2009-08-04 06:25 . 2011-01-23 08:37 373842 c:\windows\system32\prfh0404.dat
    + 2009-08-04 06:31 . 2011-01-23 08:37 131772 c:\windows\system32\prfc0816.dat
    + 2009-08-04 06:56 . 2011-01-23 08:37 102614 c:\windows\system32\prfc0804.dat
    + 2009-08-04 06:05 . 2011-01-23 08:37 687498 c:\windows\system32\perfh00C.dat
    + 2009-08-04 05:59 . 2011-01-23 08:37 686544 c:\windows\system32\perfh00A.dat
    + 2009-07-14 02:36 . 2011-01-23 08:37 609734 c:\windows\system32\perfh009.dat
    + 2009-08-04 06:05 . 2011-01-23 08:37 128256 c:\windows\system32\perfc00C.dat
    + 2009-08-04 05:59 . 2011-01-23 08:37 134890 c:\windows\system32\perfc00A.dat
    + 2009-07-14 02:36 . 2011-01-23 08:37 104754 c:\windows\system32\perfc009.dat
    + 2011-01-22 05:05 . 2010-10-16 05:17 720896 c:\windows\system32\odbc32.dll
    + 2011-01-22 05:05 . 2010-11-04 06:32 703488 c:\windows\system32\msfeeds.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 552960 c:\windows\system32\msdri.dll
    + 2011-01-22 05:05 . 2010-08-04 07:07 552960 c:\windows\system32\msdri.dll
    - 2009-07-13 23:59 . 2009-07-14 01:41 976896 c:\windows\system32\inetcomm.dll
    + 2011-01-22 05:05 . 2010-03-04 07:57 976896 c:\windows\system32\inetcomm.dll
    + 2011-01-22 05:05 . 2010-11-04 06:31 247808 c:\windows\system32\ieui.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 247808 c:\windows\system32\ieui.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 256000 c:\windows\system32\iepeers.dll
    + 2011-01-22 05:05 . 2010-11-04 06:31 256000 c:\windows\system32\iepeers.dll
    - 2010-11-07 03:20 . 2010-11-07 03:20 445952 c:\windows\system32\iedkcs32.dll
    + 2011-01-22 05:05 . 2010-11-04 06:31 445952 c:\windows\system32\iedkcs32.dll
    + 2009-07-14 04:45 . 2011-01-22 19:09 300680 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 04:45 . 2011-01-22 13:58 300680 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 05:30 . 2011-01-21 15:10 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-01-23 05:41 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2011-01-22 19:07 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2011-01-21 15:10 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2011-01-22 19:00 . 2010-03-04 04:40 184832 c:\windows\system32\DriverStore\FileRepository\usbvideo.inf_amd64_neutral_23bfbf6f668380d6\usbvideo.sys
    + 2009-07-14 05:31 . 2011-01-22 19:07 399360 c:\windows\system32\DriverStore\drvindex.dat
    - 2009-07-14 05:31 . 2010-11-07 03:06 399360 c:\windows\system32\DriverStore\drvindex.dat
    + 2011-01-22 05:05 . 2010-08-27 03:37 161792 c:\windows\system32\drivers\srvnet.sys
    + 2011-01-22 05:05 . 2010-08-27 03:37 402944 c:\windows\system32\drivers\srv2.sys
    + 2011-01-22 05:05 . 2010-08-27 03:38 463360 c:\windows\system32\drivers\srv.sys
    - 2010-11-07 03:17 . 2010-11-07 03:17 463360 c:\windows\system32\drivers\srv.sys
    - 2009-12-02 14:23 . 2009-12-02 14:23 269672 c:\windows\system32\drivers\Sftplaylh.sys
    + 2010-04-23 17:10 . 2010-04-23 17:10 269672 c:\windows\system32\drivers\Sftplaylh.sys
    - 2009-12-02 14:23 . 2009-12-02 14:23 721768 c:\windows\system32\drivers\Sftfslh.sys
    + 2010-04-23 17:10 . 2010-04-23 17:10 721768 c:\windows\system32\drivers\Sftfslh.sys
    + 2010-10-24 13:25 . 2010-10-24 13:25 188928 c:\windows\system32\drivers\MpFilter.sys
    - 2009-07-13 23:22 . 2009-07-14 01:43 223448 c:\windows\system32\drivers\fvevol.sys
    + 2011-01-22 05:05 . 2009-09-26 06:20 223448 c:\windows\system32\drivers\fvevol.sys
    + 2011-01-22 05:05 . 2010-08-04 07:07 961024 c:\windows\system32\CPFilters.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 961024 c:\windows\system32\CPFilters.dll
    + 2011-01-22 05:05 . 2010-10-16 05:23 112000 c:\windows\system32\consent.exe
    - 2009-07-13 23:55 . 2009-07-14 01:40 633856 c:\windows\system32\comctl32.dll
    + 2011-01-22 05:05 . 2010-08-21 06:31 633856 c:\windows\system32\comctl32.dll
    + 2011-01-22 05:05 . 2010-10-20 03:05 367104 c:\windows\system32\atmfd.dll
    + 2010-11-07 03:25 . 2011-01-23 08:37 443168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-01-22 05:05 . 2010-03-02 23:23 171368 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll
    + 2011-01-22 05:05 . 2010-09-23 22:29 744272 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
    - 2009-07-13 20:37 . 2009-06-10 20:40 258048 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll
    + 2011-01-22 05:05 . 2010-03-03 23:26 258048 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Security.dll
    + 2011-01-22 05:05 . 2010-03-02 23:24 130408 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
    + 2011-01-22 05:05 . 2010-09-23 22:31 436048 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2009-07-13 20:46 . 2009-06-10 21:23 436048 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2011-01-22 05:05 . 2010-03-03 23:27 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2009-02-17 08:25 . 2009-02-17 08:25 917504 c:\windows\Installer\6c7358.msi
    + 2009-07-21 16:01 . 2009-07-21 16:01 251904 c:\windows\Installer\54a2f9.msi
    + 2009-07-21 16:31 . 2009-07-21 16:31 209408 c:\windows\Installer\1c2d7b.msi
    + 2011-01-22 05:05 . 2010-08-04 07:14 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 114688 c:\windows\ehome\Microsoft.MediaCenter.Playback.dll
    + 2011-01-22 05:05 . 2010-08-04 07:14 198656 c:\windows\ehome\mcupdate.exe
    + 2011-01-22 05:05 . 2010-08-04 06:28 638976 c:\windows\ehome\mcstore.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 957952 c:\windows\ehome\mcplayer.dll
    + 2011-01-22 05:05 . 2010-08-04 07:07 957952 c:\windows\ehome\mcplayer.dll
    + 2011-01-22 05:05 . 2010-08-04 07:14 741376 c:\windows\ehome\mcepg.dll
    + 2011-01-22 05:05 . 2010-08-04 07:05 696320 c:\windows\ehome\ehrecvr.exe
    - 2010-11-07 03:14 . 2010-11-07 03:14 696320 c:\windows\ehome\ehrecvr.exe
    + 2011-01-22 05:05 . 2010-08-04 07:05 295936 c:\windows\ehome\ehprivjob.exe
    - 2010-11-07 03:14 . 2010-11-07 03:14 150528 c:\windows\ehome\ehPresenter.dll
    + 2011-01-22 05:05 . 2010-08-04 07:07 150528 c:\windows\ehome\ehPresenter.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 758784 c:\windows\ehome\ehglid.dll
    + 2011-01-22 05:05 . 2010-08-04 07:07 758784 c:\windows\ehome\ehglid.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\233c5b7d4eee16e35d7edbc2aec30325\WindowsFormsIntegration.ni.dll
    + 2011-01-22 19:12 . 2011-01-22 19:12 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationProvider\d5cdcd34bde518636408f4d109c45a89\UIAutomationProvider.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 653312 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClient\82738204150743962b3def5f4c991cd9\UIAutomationClient.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 529920 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Xml.Linq\968d5779801bd2c7407c32e7c9abd95e\System.Xml.Linq.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\02df6648ef501c7febb72ef9c59fab47\System.Web.Routing.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\41a3cd5d1a21e48f3abb9736e77664ae\System.Web.Entity.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\c859c4a6661db4ca62a5006df6427bc8\System.Web.Entity.Design.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e96d65644a700fe5c931accdfa1fc319\System.Web.DynamicData.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\c5e32b71231a8276885dbbedf1d8f9cd\System.Web.Abstractions.ni.dll
    + 2011-01-22 19:10 . 2011-01-22 19:10 928768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\393080d93e045aa8c5e5ef4bdf1bcd2f\System.Security.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\a708c96ae60ebaff995a3c277504ccce\System.Management.Instrumentation.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 493056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\173cab3cdcbcb1c9312d0578e42136d6\System.Data.Services.Design.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\3e3e3779ca0193f5484e4a10cf5adade\System.Data.DataSetExtensions.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\08a9c49ecfc099e06ca1f3e9de73833b\System.ComponentModel.DataAnnotations.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b769d64a337b65102d2f0e4359e1d93d\PresentationFramework.Aero.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\40e3c7e9d18f016f658e658cd0202090\PresentationFramework.Royale.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1eb8ef418ff5efa5e646932285da883d\PresentationFramework.Luna.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\1621090f5079608191711e822489ee8d\PresentationFramework.Classic.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\d63ae63e9d4d23527c1cfa631ecde452\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\aba40e6723350deb7f60f41b87ff3881\Microsoft.PowerShell.GraphicalHost.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 237056 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\2415021b699a6c435d7eaa17108e2e2d\Microsoft.PowerShell.Security.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 965632 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\9f8b73e50c348a3df406c5167e76450b\Microsoft.MediaCenter.Sports.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 370176 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8a05cb1569516dd4b230ef093904964b\Microsoft.MediaCenter.Playback.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\83f6238f001a4e1d6336b060513a3cf0\Microsoft.MediaCenter.iTv.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 219648 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1d9c727082322627026712da0ba23b71\Microsoft.MediaCenter.iTv.Media.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 547328 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\3223a72129f5252d5a0d74a5c52e1401\mcupdate.ni.exe
    + 2011-01-22 19:11 . 2011-01-22 19:11 533504 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\bad992d387e0797c4b4aab960bec4f46\mcstoredb.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\115fdf172f33d1df8900274b4c1cb89e\mcplayerinterop.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\f149369b85744622d1090253886f6a6d\mcGlidHostObj.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\MCESidebarCtrl\ecb8a1e2ecdba4f896c7e259603cb480\MCESidebarCtrl.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 969216 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\27e6b6c22fff90e8539ce96179bfff1e\ehRecObj.ni.dll
    + 2011-01-23 06:05 . 2011-01-23 06:05 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\e4ff722f059290af38c903903d9a3d01\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2011-01-23 06:05 . 2011-01-23 06:05 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c23f9153f677085d0bfce3ffb72316af\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2011-01-23 06:05 . 2011-01-23 06:05 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\90c88ee4624ad876a055458086ad2255\WindowsLive.Writer.HtmlParser.ni.dll
    + 2011-01-23 06:05 . 2011-01-23 06:05 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\86e4d815d67a165ff6bb9fd7a8ebcd9a\WindowsLive.Writer.BlogClient.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 452096 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\b3fbd794181d7b93b807a5e74991b0f9\UIAutomationClient.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 401408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\cc523d58068d01f874b18e665d49eb67\System.Xml.Linq.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07
     
  12. 2011/01/23
    mrbiglive

    129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1af53304e3fe10a7b15dc9937f607fc2\System.Web.Routing.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\20b3c587af6b5c9c9d36a21cd7baa2f4\System.Web.Extensions.Design.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\b67882ca3c8f2b92606b8f9673626286\System.Web.Entity.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\df335f174e9789ff675fa67b6a254761\System.Web.Entity.Design.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\531e45c33d3984d0c186c740fc9f5e48\System.Web.DynamicData.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\115364cd934c1f77bbfd953c08ddacaf\System.Web.Abstractions.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 680960 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5025c0c5e7134226b2fc0c4bdabf67ef\System.Security.ni.dll
    + 2011-01-22 19:14 . 2011-01-22 19:14 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6afe3a43d112ed5356d73468c5c44045\System.Runtime.Remoting.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 330240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\9d42bf7e1d49e083bf8ca3dc44ee2b19\System.Management.Instrumentation.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 356864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d1d2e67b4b6908a0119966021363b7dc\System.Data.Services.Design.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b7d5d32033299d1e34180f80aeb71748\System.Data.Services.Client.ni.dll
    + 2011-01-23 06:07 . 2011-01-23 06:07 762880 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\41ebde9c737eff80b86ac671b545b999\System.Data.Entity.Design.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\b35e8ee9e538de0ce43719f73aca5833\System.Data.DataSetExtensions.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
    + 2011-01-22 19:14 . 2011-01-22 19:14 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
    + 2011-01-22 19:14 . 2011-01-22 19:14 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9da2c4ccbf8dead2507879555e600ab7\PresentationFramework.Classic.ni.dll
    + 2011-01-22 19:14 . 2011-01-22 19:14 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\645eac5513e6a5587dd3f334d9fab4c2\PresentationFramework.Royale.ni.dll
    + 2011-01-22 19:14 . 2011-01-22 19:14 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aa86db18e6c85f0b6144ca8b6de9b52\PresentationFramework.Luna.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8e65ea44f0c453e0f399e12605c373bf\Microsoft.PowerShell.GraphicalHost.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 167424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5214f2892b88be6b998053009bdf3f8e\Microsoft.PowerShell.Security.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\49326f12d03146d04ec67446e1637bb2\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 364032 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\0b2a9b485d99adc9b2f4f73b91f0358b\mcstoredb.ni.dll
    + 2011-01-23 06:06 . 2011-01-23 06:06 693248 c:\windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\fa4ca687e85beb75ebeeeb530d5aa4f8\ehRecObj.ni.dll
    + 2011-01-22 05:05 . 2010-03-03 23:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2009-07-13 20:46 . 2009-06-10 21:23 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2011-01-22 05:05 . 2010-08-04 06:28 638976 c:\windows\assembly\GAC_MSIL\mcstore\6.1.0.0__31bf3856ad364e35\mcstore.dll
    + 2011-01-22 05:05 . 2010-08-04 07:14 741376 c:\windows\assembly\GAC_MSIL\mcepg\6.1.0.0__31bf3856ad364e35\mcepg.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
    + 2011-01-22 05:05 . 2010-08-04 07:14 114688 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll
    + 2011-01-22 05:05 . 2010-08-04 07:14 198656 c:\windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe
    - 2010-11-07 03:23 . 2010-11-07 03:23 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll
    + 2011-01-22 05:05 . 2010-09-10 05:35 135168 c:\windows\AppPatch\AppPatch64\AcXtrnal.dll
    - 2010-11-07 03:23 . 2010-11-07 03:23 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll
    + 2011-01-22 05:05 . 2010-09-10 05:35 347648 c:\windows\AppPatch\AppPatch64\AcLayers.dll
    + 2011-01-22 05:05 . 2010-11-04 05:52 1226752 c:\windows\SysWOW64\urlmon.dll
    + 2010-04-23 17:10 . 2010-04-23 17:10 1063784 c:\windows\SysWOW64\sftldr_wow64.dll
    - 2009-12-02 14:23 . 2009-12-02 14:23 1063784 c:\windows\SysWOW64\sftldr_wow64.dll
    + 2011-01-22 05:05 . 2010-06-29 05:02 1413632 c:\windows\SysWOW64\ole32.dll
    + 2011-01-22 05:05 . 2010-11-04 05:49 5978112 c:\windows\SysWOW64\mshtml.dll
    + 2011-01-22 05:05 . 2010-11-04 05:48 2063360 c:\windows\SysWOW64\iertutil.dll
    - 2009-07-14 00:19 . 2009-07-14 01:41 1024512 c:\windows\system32\wmpmde.dll
    + 2011-01-22 05:05 . 2010-08-21 06:38 1024512 c:\windows\system32\wmpmde.dll
    + 2011-01-22 05:05 . 2010-11-04 06:35 1194496 c:\windows\system32\wininet.dll
    + 2011-01-22 05:05 . 2010-10-20 03:09 3124224 c:\windows\system32\win32k.sys
    + 2011-01-22 19:07 . 2011-01-22 19:02 1255736 c:\windows\system32\Wat\WatAdminSvc.exe
    + 2010-09-28 07:44 . 2010-09-28 07:44 4184352 c:\windows\system32\usbaaplrc.dll
    + 2011-01-22 05:05 . 2010-11-04 06:35 1495040 c:\windows\system32\urlmon.dll
    + 2011-01-22 05:05 . 2010-11-02 05:17 1169408 c:\windows\system32\taskschd.dll
    + 2010-04-23 17:10 . 2010-04-23 17:10 1660264 c:\windows\system32\sftldr.dll
    - 2009-12-02 14:23 . 2009-12-02 14:23 1660264 c:\windows\system32\sftldr.dll
    + 2011-01-22 05:05 . 2010-11-02 05:16 1114624 c:\windows\system32\schedsvc.dll
    + 2011-01-22 05:05 . 2010-06-29 05:39 2085376 c:\windows\system32\ole32.dll
    + 2011-01-22 05:05 . 2010-11-04 06:32 1026560 c:\windows\system32\mstime.dll
    + 2011-01-22 05:05 . 2010-11-04 06:32 9306624 c:\windows\system32\mshtml.dll
    + 2011-01-22 05:05 . 2010-11-04 06:31 2447872 c:\windows\system32\iertutil.dll
    - 2009-07-14 04:45 . 2011-01-22 14:00 3798808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-01-23 05:43 3798808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-01-22 05:05 . 2010-09-23 22:29 5255168 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
    + 2011-01-22 05:05 . 2010-09-23 22:31 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2010-11-14 07:00 . 2010-11-14 07:00 2697216 c:\windows\Installer\2678d4.msi
    + 2010-11-30 05:34 . 2010-11-30 05:34 1682432 c:\windows\Installer\2678cd.msi
    + 2010-06-10 12:22 . 2010-06-10 12:22 8934912 c:\windows\Installer\1c2d9e.msp
    + 2010-06-10 12:22 . 2010-06-10 12:22 5893120 c:\windows\Installer\1c2d9d.msp
    + 2010-02-27 18:33 . 2010-02-27 18:33 4817336 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.DLL
    - 2010-11-07 03:14 . 2010-11-07 03:14 1551872 c:\windows\ehome\wow\ehuihlp.dll
    + 2011-01-22 05:05 . 2010-08-04 06:16 1551872 c:\windows\ehome\wow\ehuihlp.dll
    + 2011-01-22 05:05 . 2010-08-04 07:07 1668608 c:\windows\ehome\ehuihlp.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 1668608 c:\windows\ehome\ehuihlp.dll
    + 2011-01-22 05:05 . 2010-08-04 06:28 6307840 c:\windows\ehome\ehshell.dll
    - 2010-11-07 03:14 . 2010-11-07 03:14 6307840 c:\windows\ehome\ehshell.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 4927488 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\bdb953c9c0fcd5c281b1bcbcfb527bd2\WindowsBase.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 1458688 c:\windows\assembly\NativeImages_v2.0.50727_64\UIAutomationClients#\34620bb9f7b76dd7537bb19b9d03833f\UIAutomationClientsideProviders.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 1817600 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\079464502044f67e5faca79c8b9ae845\System.WorkflowServices.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 2707456 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\e8c04a9827d90688a83a0c5e62eec902\System.Workflow.Runtime.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 5955072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\e2aba1aa0bec16b244d3189c7ac3892e\System.Workflow.ComponentModel.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\4726fe573dcdcb63d41f610b89146663\System.Workflow.Activities.ni.dll
    + 2011-01-22 19:10 . 2011-01-22 19:10 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\b2a43c504ae6289e430ba4533e72fd80\System.Web.Services.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\2a93c1b65fcd65d5ac8bc70ee3345980\System.Web.Mobile.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\a9f6a435824423acb5008f7d47a6fb29\System.Web.Extensions.Design.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 3041792 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\47659b19dff2f4aa280266cb15598663\System.Web.Extensions.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\b2a2a4fac227c6a58fc3e088d5dab67c\System.ServiceModel.Web.ni.dll
    + 2011-01-22 19:10 . 2011-01-22 19:10 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\1e17d4907cbd99eff7496e152bc3828a\System.Runtime.Remoting.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 1453568 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\5a8439298c3a23f785effd1b83c95640\System.Printing.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 1433088 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\9b1ee10609a0ab1c8a8aa7873e63cd1f\System.IdentityModel.ni.dll
    + 2011-01-22 19:11 . 2011-01-22 19:11 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\566e9b2129cadc2f1fda187a34b39c9f\System.Deployment.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 1846272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\68e422101e69b43e80836fa3cf60f3df\System.Data.Services.ni.dll
    + 2011-01-23 06:23 . 2011-01-23 06:23 1289728 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\55b60613e1429bbcbb26f9fd58133b60\System.Data.Services.Client.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\4774b729f858ea0eaa4a95570b38a2ef\System.Data.Linq.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\28cdeef8684c6e89513184acaa34eb4b\System.Data.Entity.Design.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\6ef98a068f45cbf57702eab0f623d007\System.Core.ni.dll
    + 2011-01-22 19:10 . 2011-01-22 19:10 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\e132c80b2eeffad1f37e2ce108d7d8f7\System.Configuration.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 3101696 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\42517c0e9901f1bfa05988f8d9f14da8\ReachFramework.ni.dll
    + 2011-01-22 19:13 . 2011-01-22 19:13 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\ac1498bd61cc7781d75f9caa589ba447\PresentationUI.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 7966208 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\dbb8eb73740f0996a7133b8ee4bbf7a5\MIGUIControls.ni.dll
    + 2011-01-23 06:22 . 2011-01-23 06:22 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\1f03b7bea2b4a9902b8261b37dcf1fce\Microsoft.VisualBasic.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 2105344 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a024925125c462477531181a1a6f4d96\Microsoft.PowerShell.GPowerShell.ni.dll
    + 2011-01-23 06:08 . 2011-01-23 06:08 5351424 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\8e62f18bcf8190be5ffec8f91ad1dc45\Microsoft.PowerShell.Editor.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-11-07 02:59 433648 ----a-w- c:\programdata\Partner\Partner.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Syncables "= "c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
    "SpybotSD TeaTimer "= "c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl9 "= "c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "BDRegion "= "c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
    "UpdatePSTShortCut "= "c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
    "UpdateLBPShortCut "= "c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut "= "c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Boingo Wi-Fi "= "c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-07 2429]
    "SonicMasterTray "= "c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
    "ATKMEDIA "= "c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
    "HControlUser "= "c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3 "= "c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "VAWinAgent "= "c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
    "QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
    OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\windows\SysWOW64\nvinit.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 135664]
    R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-11-07 332272]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-22 1255736]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-16 24680]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/06 19:44];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [2010-02-24 18:14 146928]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-17 1620584]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-17 235624]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-25 229376]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-25 69120]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 02:59]

    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 02:59]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-11-07 02:59 750064 ----a-w- c:\programdata\Partner\Partner64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @= "{6D4133E5-0742-4ADC-8A8C-9303440F7190} "
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @= "{64174815-8D98-4CE6-8646-4C039977D808} "
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS WebStorage "= "c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-09 161304]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-09 386584]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-09 415256]
    "RtHDVBg "= "c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]
    "AmIcoSinglun64 "= "c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
    "ETDWare "= "%ProgramFiles%\Elantech\ETDCtrl.exe" [BU]
    "IntelTBRunOnce "= "wscript.exe" [2009-07-14 168960]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs "=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://asus.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=15000&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    FF - Ext: Siphon - Sync Add-ons: siphon@siphon.ian-halpern.com - %profile%\extensions\siphon@siphon.ian-halpern.com
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    FF - Ext: Evernote Web Clipper: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - %profile%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
    FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath "= "\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx "
    "ThreadingModel "= "Apartment "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker3 "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-24 01:27:43
    ComboFix-quarantined-files.txt 2011-01-23 17:27
    ComboFix2.txt 2011-01-22 14:07

    Pre-Run: 444,064,714,752 bytes free
    Post-Run: 444,016,848,896 bytes free

    - - End Of File - - EA3998782FF244A484A092876DA4C4E4
     
  13. 2011/01/23
    broni Moderator Malware Analyst

    It looks good.

    Uninstall Advanced Registry Optimizer.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2011/01/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks good.

    Uninstall Advanced Registry Optimizer.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. 2011/01/23
    mrbiglive

    mrbiglive Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    29
    Likes Received:
    0
    Here is OTL.txt (part 1)
    ----
    OTL logfile created on: 1/24/2011 7:59:17 AM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Kelvin\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 444.27 Gb Total Space | 413.58 Gb Free Space | 93.09% Space Free | Partition Type: NTFS

    Computer Name: KELVIN-PC | User Name: Kelvin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/24 07:56:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelvin\Downloads\OTL.exe
    PRC - [2011/01/08 06:48:12 | 000,108,080 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    PRC - [2011/01/08 06:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    PRC - [2011/01/06 02:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010/12/13 23:00:34 | 000,121,576 | ---- | M] (dotSyntax, LLC) -- C:\Program Files (x86)\Digsby\lib\digsby-app.exe
    PRC - [2010/11/07 11:22:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2010/10/16 02:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/30 15:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    PRC - [2010/08/18 05:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/08/17 13:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/08/17 13:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/07/20 03:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    PRC - [2010/07/20 03:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    PRC - [2010/07/10 13:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/05/04 05:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010/05/04 05:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/02/24 11:14:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2009/12/16 01:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/11/03 05:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/10/01 10:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 10:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/13 03:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    PRC - [2009/08/01 01:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2009/07/07 05:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009/06/20 01:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/20 01:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/16 08:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/12/23 08:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/24 07:56:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kelvin\Downloads\OTL.exe
    MOD - [2010/08/21 13:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/06/23 02:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/04/17 07:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/01/08 06:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2011/01/08 06:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2011/01/06 02:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010/11/07 10:59:41 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
    SRV - [2010/10/16 02:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/08/21 09:47:58 | 000,077,312 | ---- | M] () [Auto | Stopped] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
    SRV - [2010/08/17 13:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/08/17 13:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/12/16 01:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/10/01 10:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/10/01 10:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/16 08:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/09/25 10:24:26 | 000,229,376 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2010/09/25 10:24:26 | 000,069,120 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
    DRV:64bit: - [2010/09/23 03:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
    DRV:64bit: - [2010/09/23 03:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2010/08/16 21:49:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/07/29 02:40:39 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/21 13:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/04/17 07:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/03/04 17:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/03/03 19:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/02 16:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/02/27 05:02:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/20 10:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2009/07/20 17:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/14 00:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2008/12/08 17:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2008/05/24 08:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010/02/25 02:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/06 19:44:02] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2009/07/03 08:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2599028417-4041818518-3215170054-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon) "
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15000 "
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon) "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.startup.homepage: "yahoo.com "
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.2
    FF - prefs.js..extensions.enabledItems: siphon@siphon.ian-halpern.com:0.9.0
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
    FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.106602
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
    FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
    FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.9.1
    FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=15000&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/21 23:11:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/22 20:37:17 | 000,000,000 | ---D | M]

    [2011/01/21 20:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Extensions
    [2011/01/23 22:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions
    [2011/01/21 21:25:40 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2011/01/21 20:31:44 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/01/21 21:25:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/01/21 21:25:36 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2011/01/23 16:35:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/01/21 21:25:40 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
    [2011/01/21 21:25:41 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2011/01/21 22:05:38 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\canitbecheaper@trafficbroker.co.uk
    [2011/01/21 21:21:22 | 000,000,000 | ---D | M] (Siphon - Sync Add-ons) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\siphon@siphon.ian-halpern.com
    [2011/01/21 21:28:27 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Kelvin\AppData\Roaming\Mozilla\Firefox\Profiles\m303u31u.default\extensions\zotero@chnm.gmu.edu
    [2011/01/22 20:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/21 21:50:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/01/22 20:37:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/01/21 22:30:41 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
    [2011/01/22 20:37:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/01/21 21:49:17 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
    O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    O4 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
    O4 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1000..\RunOnce: [mctadmin] File not found
    O4 - Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
    O4 - Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2599028417-4041818518-3215170054-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.68 202.156.1.58 218.186.1.38
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/24 01:27:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/24 01:22:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/23 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Adobe
    [2011/01/23 16:37:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/23 03:07:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2011/01/23 03:07:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2011/01/23 03:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2011/01/23 02:13:24 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Microsoft Games
    [2011/01/23 01:21:16 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Malwarebytes
    [2011/01/23 01:20:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/23 01:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/23 01:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/23 01:20:10 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/23 01:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/22 23:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    [2011/01/22 22:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2011/01/22 22:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/01/22 22:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
    [2011/01/22 22:01:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/22 22:01:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/22 22:01:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/22 21:56:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/22 21:53:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/22 21:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
    [2011/01/22 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\OpenOffice.org
    [2011/01/22 20:37:54 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
    [2011/01/22 20:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
    [2011/01/22 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2011/01/22 20:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2011/01/22 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/01/22 20:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/01/22 20:36:33 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
    [2011/01/22 19:32:44 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2011/01/22 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\SoftGrid Client
    [2011/01/22 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\SoftGrid Client
    [2011/01/22 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/01/22 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/01/22 19:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2011/01/22 19:26:03 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\TP
    [2011/01/22 13:16:04 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Cyberlink
    [2011/01/22 13:16:00 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\Documents\CyberLink
    [2011/01/22 13:15:59 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\CyberLink
    [2011/01/22 11:49:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
    [2011/01/22 11:46:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2011/01/21 23:14:36 | 000,000,000 | ---D | C] -- C:\Windows\FLV Player
    [2011/01/21 23:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
    [2011/01/21 23:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player
    [2011/01/21 23:12:54 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Apple Computer
    [2011/01/21 23:12:54 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Apple Computer
    [2011/01/21 23:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/01/21 23:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/01/21 23:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/01/21 23:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/01/21 23:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/01/21 23:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/01/21 23:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/01/21 23:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/01/21 23:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/01/21 23:10:50 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Apple
    [2011/01/21 23:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/01/21 23:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/01/21 23:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/01/21 23:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/01/21 23:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/01/21 22:30:42 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
    [2011/01/21 22:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
    [2011/01/21 22:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
    [2011/01/21 21:55:13 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\skypePM
    [2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Digsby
    [2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Digsby
    [2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
    [2011/01/21 21:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Registry Optimizer
    [2011/01/21 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Registry Optimizer
    [2011/01/21 21:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/01/21 21:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2011/01/21 21:49:46 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2011/01/21 21:49:46 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Skype
    [2011/01/21 21:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2011/01/21 21:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2011/01/21 21:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
    [2011/01/21 21:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digsby
    [2011/01/21 21:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby
    [2011/01/21 20:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/01/21 20:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/01/21 20:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/01/21 20:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/01/21 20:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/01/21 20:27:43 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\AVG10
    [2011/01/21 20:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/01/21 20:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/01/21 20:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2011/01/21 20:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ControlDeck
    [2011/01/21 20:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/01/21 20:11:02 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Mozilla
    [2011/01/21 20:11:02 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Mozilla
    [2011/01/21 20:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2011/01/21 20:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/01/21 20:04:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\.syncID
    [2011/01/21 20:04:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\.Syncables
    [2011/01/21 20:04:01 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\Documents\ASUS
    [2011/01/21 20:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
    [2011/01/21 20:03:54 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\ASUS
    [2011/01/21 20:00:27 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2011/01/21 20:00:06 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Adobe
    [2011/01/21 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Google
    [2011/01/21 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\Documents\ASUS WebStorage
    [2011/01/21 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Asus WebStorage
    [2011/01/21 19:57:26 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/01/21 19:57:26 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Searches
    [2011/01/21 19:57:26 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/01/21 19:57:26 | 000,000,000 | -H-D | C] -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/01/21 19:57:19 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Identities
    [2011/01/21 19:57:17 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Contacts
    [2011/01/21 19:57:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\eBay
    [2011/01/21 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011/01/21 19:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2011/01/21 19:55:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011/01/21 19:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2011/01/21 19:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2011/01/21 19:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2011/01/21 19:53:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2011/01/21 19:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2011/01/21 19:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2011/01/21 19:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2011/01/21 19:53:13 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2011/01/21 19:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2011/01/21 19:52:09 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Power2Go
    [2011/01/21 19:52:07 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\VirtualStore
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\AppData\Local\Temporary Internet Files
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Templates
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Start Menu
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\SendTo
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Recent
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\PrintHood
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\NetHood
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Documents\My Videos
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Documents\My Pictures
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Documents\My Music
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\My Documents
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Local Settings
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\AppData\Local\History
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Cookies
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\Application Data
    [2011/01/21 19:50:53 | 000,000,000 | -HSD | C] -- C:\Users\Kelvin\AppData\Local\Application Data
    [2011/01/21 19:50:52 | 000,000,000 | --SD | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Videos
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Saved Games
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Pictures
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Music
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Links
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Favorites
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Downloads
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\My Documents
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\Desktop
    [2011/01/21 19:50:52 | 000,000,000 | R--D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/01/21 19:50:52 | 000,000,000 | -H-D | C] -- C:\Users\Kelvin\AppData
    [2011/01/21 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Temp
    [2011/01/21 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Microsoft
    [2011/01/21 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Media Center Programs
    [2011/01/21 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Macromedia
    [2011/01/21 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
    [2011/01/21 19:50:52 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
     
  16. 2011/01/23
    mrbiglive

    otl.txt (part2)
    ---

    ========== Files - Modified Within 30 Days ==========

    [2011/01/24 07:50:47 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/24 07:50:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/23 17:39:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/23 17:39:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/23 17:32:21 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2011/01/23 17:32:20 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/23 17:31:41 | 3054,878,720 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/23 16:37:52 | 004,133,268 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/23 16:37:52 | 000,687,498 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2011/01/23 16:37:52 | 000,686,544 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2011/01/23 16:37:52 | 000,672,628 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
    [2011/01/23 16:37:52 | 000,609,734 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/01/23 16:37:52 | 000,373,842 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
    [2011/01/23 16:37:52 | 000,357,872 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
    [2011/01/23 16:37:52 | 000,134,890 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2011/01/23 16:37:52 | 000,131,772 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
    [2011/01/23 16:37:52 | 000,128,256 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2011/01/23 16:37:52 | 000,104,754 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/01/23 16:37:52 | 000,102,614 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
    [2011/01/23 16:37:52 | 000,097,700 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
    [2011/01/23 03:09:17 | 000,300,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/01/23 01:20:14 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/22 22:39:35 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/01/22 22:04:26 | 004,065,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/22 22:00:12 | 000,002,030 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2011/01/22 22:00:05 | 000,001,308 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2011/01/22 20:54:21 | 000,002,309 | ---- | M] () -- C:\Users\Kelvin\Documents\New Database.odb
    [2011/01/22 20:50:57 | 000,001,241 | ---- | M] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2011/01/22 20:37:54 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2011/01/22 11:49:31 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/01/22 11:49:31 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2011/01/21 23:14:36 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\FLV Player.lnk
    [2011/01/21 23:12:51 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/21 23:10:59 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/01/21 22:31:26 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
    [2011/01/21 22:29:55 | 007,733,800 | ---- | M] () -- C:\Users\Kelvin\Desktop\HSS-1.57-install-anchorfree-247-conduit3.exe
    [2011/01/21 21:55:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/21 21:51:25 | 000,001,113 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
    [2011/01/21 21:51:25 | 000,001,089 | ---- | M] () -- C:\Users\Kelvin\Desktop\Digsby.lnk
    [2011/01/21 21:51:25 | 000,001,021 | ---- | M] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
    [2011/01/21 21:50:35 | 000,002,061 | ---- | M] () -- C:\Users\Kelvin\Desktop\Check PC For Errors.lnk
    [2011/01/21 21:50:35 | 000,002,045 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/01/21 21:49:47 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/01/21 21:36:50 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2011/01/21 21:36:45 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [2011/01/21 21:13:38 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
    [2011/01/21 20:45:40 | 000,017,044 | ---- | M] () -- C:\Users\Kelvin\Documents\cc_20110121_204534.reg
    [2011/01/21 20:44:40 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/01/21 20:30:01 | 000,001,288 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/01/21 20:30:01 | 000,001,264 | ---- | M] () -- C:\Users\Kelvin\Desktop\Spybot - Search & Destroy.lnk
    [2011/01/21 20:17:32 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\ControlDeck.lnk
    [2011/01/21 20:10:59 | 000,001,969 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/21 20:10:59 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/01/21 20:07:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_N53Jf.alu
    [2011/01/21 20:05:15 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
    [2011/01/21 19:58:55 | 000,001,443 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/21 19:54:47 | 000,000,020 | ---- | M] () -- C:\Windows\Dó´

    ========== Files Created - No Company Name ==========

    [2011/01/23 01:20:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/22 22:39:35 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/01/22 22:39:23 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/01/22 22:01:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/22 22:01:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/22 22:01:07 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/22 22:01:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/22 22:01:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/22 20:54:14 | 000,002,309 | ---- | C] () -- C:\Users\Kelvin\Documents\New Database.odb
    [2011/01/22 20:50:57 | 000,001,241 | ---- | C] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2011/01/22 20:37:54 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2011/01/22 19:26:17 | 004,133,268 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/22 11:46:46 | 3054,878,720 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/21 23:14:36 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk
    [2011/01/21 23:12:51 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/21 23:10:59 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/01/21 23:10:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/01/21 22:31:26 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
    [2011/01/21 22:29:04 | 007,733,800 | ---- | C] () -- C:\Users\Kelvin\Desktop\HSS-1.57-install-anchorfree-247-conduit3.exe
    [2011/01/21 21:55:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/21 21:51:25 | 000,001,113 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
    [2011/01/21 21:51:25 | 000,001,089 | ---- | C] () -- C:\Users\Kelvin\Desktop\Digsby.lnk
    [2011/01/21 21:51:25 | 000,001,021 | ---- | C] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
    [2011/01/21 21:50:35 | 000,002,061 | ---- | C] () -- C:\Users\Kelvin\Desktop\Check PC For Errors.lnk
    [2011/01/21 21:50:35 | 000,002,045 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/01/21 21:49:47 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/01/21 20:45:37 | 000,017,044 | ---- | C] () -- C:\Users\Kelvin\Documents\cc_20110121_204534.reg
    [2011/01/21 20:44:40 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/01/21 20:30:01 | 000,001,288 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/01/21 20:30:01 | 000,001,264 | ---- | C] () -- C:\Users\Kelvin\Desktop\Spybot - Search & Destroy.lnk
    [2011/01/21 20:10:59 | 000,001,969 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/01/21 20:10:59 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/01/21 20:07:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_N53Jf.alu
    [2011/01/21 20:03:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2011/01/21 19:58:55 | 000,001,443 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/21 19:57:32 | 000,001,415 | ---- | C] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/01/21 19:57:29 | 000,001,449 | ---- | C] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/01/21 19:57:05 | 000,000,392 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
    [2011/01/21 19:54:47 | 000,000,020 | ---- | C] () -- C:\Windows\Dó´
    [2011/01/21 19:51:02 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\acovcnt.exe
    [2011/01/21 19:50:52 | 000,002,180 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/01/21 19:50:52 | 000,000,290 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/01/21 19:50:52 | 000,000,272 | ---- | C] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/11/07 10:45:23 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/11/07 10:45:03 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/11/07 10:44:24 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2010/11/07 10:44:09 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/11/07 10:43:04 | 000,000,106 | ---- | C] () -- C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
    [2010/11/07 10:39:57 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/11/07 10:38:43 | 000,000,115 | ---- | C] () -- C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
    [2010/07/29 01:44:37 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/07/29 01:44:37 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/02/09 15:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
    [2009/07/29 13:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/05/19 11:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

    ========== LOP Check ==========

    [2011/01/21 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\Kelvin\AppData\Roaming\Asus WebStorage
    [2011/01/21 20:27:43 | 000,000,000 | ---D | M] -- C:\Users\Kelvin\AppData\Roaming\AVG10
    [2011/01/21 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\Kelvin\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2011/01/22 20:50:30 | 000,000,000 | ---D | M] -- C:\Users\Kelvin\AppData\Roaming\OpenOffice.org
    [2011/01/22 21:56:55 | 000,000,000 | ---D | M] -- C:\Users\Kelvin\AppData\Roaming\SoftGrid Client
    [2011/01/22 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Kelvin\AppData\Roaming\TP
    [2009/07/14 13:08:49 | 000,006,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/15 19:11:59 | 000,000,054 | ---- | M] () -- C:\AdobeReader.log
    [2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/29 14:03:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/01/24 01:27:44 | 000,091,130 | ---- | M] () -- C:\ComboFix.txt
    [2010/11/07 11:33:54 | 000,014,815 | ---- | M] () -- C:\devlist.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/11/07 11:33:53 | 000,000,009 | ---- | M] () -- C:\Finish.log
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/01/23 17:31:41 | 3054,878,720 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/10/14 19:21:15 | 002,097,152 | -H-- | M] () -- C:\N53Jf.BIN
    [2010/10/15 16:32:19 | 000,000,019 | ---- | M] () -- C:\N53JF_WIN7.30
    [2011/01/23 17:31:41 | 4073,172,992 | -HS- | M] () -- C:\pagefile.sys
    [2006/05/14 00:22:24 | 000,000,005 | ---- | M] () -- C:\Pass.txt
    [2010/10/15 16:32:19 | 000,000,007 | ---- | M] () -- C:\RECOVERY.DAT
    [2010/11/07 11:17:03 | 000,002,428 | ---- | M] () -- C:\RHDSetup.log
    [2011/01/22 22:25:17 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2010/11/07 11:25:09 | 000,000,090 | ---- | M] () -- C:\setup.log
    [2010/11/07 10:29:35 | 000,000,166 | ---- | M] () -- C:\SumHidd.txt
    [2010/11/07 10:28:21 | 000,000,100 | ---- | M] () -- C:\SumOS.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 13:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 13:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 13:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 13:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 04:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/04 22:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/01/23 15:32:47 | 000,001,670 | -HS- | M] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 12:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >
    [2009/10/26 11:38:22 | 000,000,176 | ---- | M] () -- C:\Windows\explorer.exe.config

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/21 19:58:55 | 000,000,221 | -HS- | M] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/21 22:29:55 | 007,733,800 | ---- | M] () -- C:\Users\Kelvin\Desktop\HSS-1.57-install-anchorfree-247-conduit3.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/07/21 12:07:59 | 000,013,021 | ---- | M] () -- C:\Windows\snp2uvc.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/01/21 19:57:32 | 000,000,402 | -HS- | M] () -- C:\Users\Kelvin\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/07 10:44:19 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/11/07 10:45:50 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/11/07 10:44:05 | 000,000,106 | ---- | M] () -- C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
    [2010/11/07 10:45:15 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/11/07 10:42:59 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/11/07 10:44:27 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2010/11/07 10:39:51 | 000,000,115 | ---- | M] () -- C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    ASUS_N3_Series Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  17. 2011/01/23
    mrbiglive

    (extras.txt)
    ---

    OTL Extras logfile created on: 1/24/2011 7:59:17 AM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Kelvin\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 444.27 Gb Total Space | 413.58 Gb Free Space | 93.09% Space Free | Partition Type: NTFS

    Computer Name: KELVIN-PC | User Name: Kelvin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2599028417-4041818518-3215170054-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}" = Fresco Logic USB3.0 Host Controller
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "CCleaner" = CCleaner
    "Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "USB2.0 UVC 2M WebCam" = USB2.0 UVC 2M WebCam

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
    "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
    "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7BF67A61-BE7C-4806-B93C-97F299D6A6FE}" = ASUS AI Recovery
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.0
    "ASUS AP Bank_is1" = ASUS AP Bank
    "ASUS WebStorage" = ASUS WebStorage
    "ASUS_N3_Series" = ASUS_N3_Series
    "Bookworm Deluxe" = Bookworm Deluxe
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "Cooking Dash" = Cooking Dash
    "Digsby" = Digsby
    "FLV Player2.0.25" = FLV Player
    "Google Chrome" = Google Chrome
    "Governor of Poker" = Governor of Poker
    "Hotel Dash Suite Success" = Hotel Dash Suite Success
    "HotspotShield" = Hotspot Shield 1.57
    "InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
    "Jewel Quest 3" = Jewel Quest 3
    "Luxor 3" = Luxor 3
    "Mahjongg dimensions" = Mahjongg dimensions
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NVIDIA.Updatus" = NVIDIA Updatus
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Plants vs Zombies" = Plants vs Zombies
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Goo" = World of Goo

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/21/2011 11:12:33 AM | Computer Name = Kelvin-PC | Source = System Restore | ID = 8193
    Description =

    Error - 1/21/2011 11:15:56 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/21/2011 11:15:56 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1029

    Error - 1/21/2011 11:15:56 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1029

    Error - 1/22/2011 3:42:41 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/22/2011 3:42:41 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1045

    Error - 1/22/2011 3:42:41 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error - 1/22/2011 3:42:42 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/22/2011 3:42:42 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2059

    Error - 1/22/2011 3:42:42 AM | Computer Name = Kelvin-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2059

    [ System Events ]
    Error - 1/21/2011 9:13:32 AM | Computer Name = Kelvin-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:11:16 PM on 21/1/2011 was unexpected.

    Error - 1/21/2011 10:31:08 AM | Computer Name = Kelvin-PC | Source = Service Control Manager | ID = 7030
    Description = The Hotspot Shield Service service is marked as an interactive service.
    However, the system is configured to not allow interactive services. This service
    may not function properly.


    < End of report >
     
  18. 2011/01/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Digsby
      [2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Digsby
      [2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
      [2011/01/21 21:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digsby
      [2011/01/21 21:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby
      [2011/01/21 21:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Registry Optimizer
      [2011/01/21 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Registry Optimizer
      [2011/01/21 20:27:43 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\AVG10
      [2011/01/21 20:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
      [2011/01/21 20:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
      [2011/01/21 21:55:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
      [2011/01/21 21:51:25 | 000,001,113 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
      [2011/01/21 21:51:25 | 000,001,089 | ---- | M] () -- C:\Users\Kelvin\Desktop\Digsby.lnk
      [2011/01/21 21:51:25 | 000,001,021 | ---- | M] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  19. 2011/01/24
    mrbiglive

    mrbiglive Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    29
    Likes Received:
    0
    here is the new OTL.txt file after the Java remover
    _________
    All processes killed
    Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
    Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <O4 - Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()> in the current context!
    Error: Unable to interpret <O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <[2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\Digsby> in the current context!
    Error: Unable to interpret <[2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Local\Digsby> in the current context!
    Error: Unable to interpret <[2011/01/21 21:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby> in the current context!
    Error: Unable to interpret <[2011/01/21 21:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digsby> in the current context!
    Error: Unable to interpret <[2011/01/21 21:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digsby> in the current context!
    Error: Unable to interpret <[2011/01/21 21:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Registry Optimizer> in the current context!
    Error: Unable to interpret <[2011/01/21 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Registry Optimizer> in the current context!
    Error: Unable to interpret <[2011/01/21 20:27:43 | 000,000,000 | ---D | C] -- C:\Users\Kelvin\AppData\Roaming\AVG10> in the current context!
    Error: Unable to interpret <[2011/01/21 20:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10> in the current context!
    Error: Unable to interpret <[2011/01/21 20:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG> in the current context!
    Error: Unable to interpret <[2011/01/21 21:55:14 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat> in the current context!
    Error: Unable to interpret <[2011/01/21 21:51:25 | 000,001,113 | ---- | M] () -- C:\Users\Kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk> in the current context!
    Error: Unable to interpret <[2011/01/21 21:51:25 | 000,001,089 | ---- | M] () -- C:\Users\Kelvin\Desktop\Digsby.lnk> in the current context!
    Error: Unable to interpret <[2011/01/21 21:51:25 | 000,001,021 | ---- | M] () -- C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kelvin
    ->Temp folder emptied: 3089770 bytes
    ->Temporary Internet Files folder emptied: 1010686 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 46854601 bytes
    ->Flash cache emptied: 3053 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11320 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kelvin
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.4 log created on 01242011_210521

    Files\Folders moved on Reboot...
    C:\Users\Kelvin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2011/01/24
    mrbiglive

    mrbiglive Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    29
    Likes Received:
    0
    here is checkup.txt
    ----
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 9.1 MUI
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
     
  21. 2011/01/24
    mrbiglive

    mrbiglive Inactive Thread Starter

    Joined:
    2011/01/22
    Messages:
    29
    Likes Received:
    0
    here's eset online scanner
    ---
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
    C:\Users\Kelvin\Desktop\HSS-1.57-install-anchorfree-247-conduit3.exe a variant of Win32/HotSpotShield application
     
    Last edited: 2011/01/24
